OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Crypto Archives: Re: IP: If you have never looked at Network As

Re: IP: If you have never looked at Network Associates PGP tryit license

Subject: Re: IP: If you have never looked at Network Associates PGP tryit license
From: Michael Poole (poolegraviton.subatomic.org)
Date: Wed Dec 01 1999 - 15:41:52 CST

Eugene Leitl <eugene.leitllrz.uni-muenchen.de> writes:

> Jason J Holt writes:
>
> > And once you've got a safe
> > compiler, how do you know there isn't rogue microcode?
>
> You don't, of course. That's the reason you need noncorruptible
> _simple_ piece of peer-reviewed hardware. Best something so orthogonal
> (no place to hide hooks) as an FPGA, where you flash the bit pattern
> yourself.

Your paranoia obviously does not extend far enough -- an FPGA big
enough to be useful for (crypto or general-purpose) processing would
need a lot of gates. And with a lot of gates is space enough to hide
plenty of hooks, especially since the program bitstream goes through
a relatively few pins. So then you'd have to verify the hardware with
either a really good magnifying glass (*cough*) or an electron
microscope. And then you have to trust the people who made the
electron microscope.

You've got to trust someone, somewhere, if you want to use electronic
devices in today's technology level. Adjust who you trust depending on
your own personal paranoia level, and leave it at that -- discussions of
it are not actually on-topic for the coderpunks list.

-- Michael

This archive was generated by hypermail 2b27 : Wed Dec 01 1999 - 18:32:59 CST