At 4:47 PM 2/25/96, "A. Padgett Peterson P.E. Information Security"
The nice thing about am implimentation in software is that the code can be examined for just this sort of thing *on a randomly selected operating unit*. - hard to do with a chip.
But of course one's compiler may have been subverted, as Ken Thompson showed some years back. Software implementations are sensitive to different sorts of attacks than hardware implementations are. Me. I don't have any hardware crypto chips at all, and think it unlikely I will in the next several years. So I use only software crypto implementations. And I admit to not having verified that my copy of MacPGP is the same one now at the various sites...I figure that if the NSA has pulled a blag bag job on me and replaced my MacPGP with a special version that I've got other problems to worry about! Your mileage may vary. If I were responsible for crypto for large financial transactions, I'd have a different set of worries. --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 - 1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."