Re: R: True random numbers wanted

From: Eugen Leitl (eugen@leitl.org)
Date: Mon Sep 02 2002 - 05:48:49 MDT


On Sun, 1 Sep 2002, Hal Finney wrote:

> Of course you may be too paranoid to trust this chip, although you are
> probably trusting other chips to an even greater degree.

Networked systems, yes. It would require quite a trans-vendor NIC/switch
conspiracy to hide magic packets from firewalls, though. An air-gapped
machine is imo reasonably secure. There's just not that much you can hide
in the CPU/chipset. I don't think gcc is trojaned to recognize and screw
with OpenSSL/PGP/GPG, too many people are using it. It would be easy
enough to check, by bootstrapping from a known good C compiler.

It is probably easier to trojan the algorithm at design stage. But it has
to be really subtle.

I wouldn't bet my life on it, of course. The only thing I'm reasonably
sure about is that it's difficult to screw up one-time pads using reasonable
amounts of clue.


