"and our threat models assume that attackers have knowledge of source code" Azta mindenit! Ezt azért nem gondoltam volna! :)