This word has always troubled me with it’s meaning. I have struggled to understand what it meant in real terms. In computer security, it means the lines of code that the attacker can read to find a mistake. It is the trusted (not trustworthy) code that should be minimized to stay secure.
Most people who are concerned about computer security today use linux-kernels which has about 27.8 million lines of code. Yes, that’s right. 27,800,000 lines. And that’s just the kernel! If we consider an Operating System like Qubes OS, which trusts Xen hypervisor and not Linux kernel, which has about 0.15 million lines of code. That’s still 150,000 lines. Tons and tons of bugs should exist in them.
If we still move to an OS which is reasonably easy to install like FreeBSD, it has about 9 million lines of code. OpenBSD contains about 3 million lines of code. BSDs still have way lower attack surface than linux which shows how much better their quality is but they too have some bugs.
Let us pull back. In such gigantic amounts of C code, how can an average person like me or you verify that some thing or data is secure. [Say I send hello to you on cli based tox client, how do I know for sure that only me and you can read this hello and no one else can.].
Here is how the solution may look like:
How do I know that the binary made has no tampering and the code which I read has been compiled.(Now comes the worst part.)
Above 8 steps are still the easy part when you compare it to convincing the person on the other end to follow a similar method. If you cannot convince the person on other end, your message will be leaked through that end.
How can defensive security even work in such scenario?! If I am a powerful person in a country like a Supreme Court Judge or Prime Minister, I would certainly need secure communication but how could I implement it?!
It troubles me that such a thing is too difficult in today’s world where everyone trusts mobiles and computers with the most sensitive of their secrets.
Joanna Rutkowska, founder of Qubes OS has a status on one of her public pages that “We do not trust computer systems.” which is such a harsh reality.
Can we really trust computers, ever! With today’s code bases of millions of lines in gcc and linux and kde and many more, I say fuck no! (Obviously we won’t talk about blobs here)
There are a few characteristics which I think a software must have to be secure:
1st one is very difficult in my view but maybe 1 day, it will be available everywhere. Till then, do not trust computers!
Sagar Acharya [11th March 2021]