Ask HN: What threats are present with SELinux, AES, etc?
Forgive the general lack of knowledge about security and cryptography. I had previously operated under the assumption that NSA developed systems for security were pretty sound for business use. Is there any evidence of backdoors or other existential threats to security by using these systems?
1 comment
[ 3.6 ms ] story [ 14.1 ms ] threadThis means:
1) It has had review by members outside of the NSA before inclusion into the kernel.
2) The source is available for anyone to view.
3) You can audit the source right now! :)
Because of this, one can reason that there is very low probability for a "NSA backdoor". Having said that, you can audit the source to make sure.
The same can be said for certain implementations of AES such as that found in OpenSSL. I can't vouch for the specific algorithms involved being secure however, so I'll leave that to someone specialized in cryptology :)
SELinux is only as secure as the access policies in place on your system and only certain distributions (like Fedora) actually distribute SELinux policies.