_________________________________________________________________ FROM THE VIRTUAL DESK OF SANDY SANDFORT ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ I'm relatively new to the list, so this may be an idea that's already been dealt with. If so, please let me know off-line. PGP was created as an end-run to legislation that would have mandated trapdoors in all encryption hardware/software sold in the U.S. Fortunately, such legislation has been defeated to date. How do we know the proposed legislation wasn't just a smoke screen? Isn't it possible that the Feds have already compromised Intel or MicroSoft? Is there some way to be sure that the new 486 chip running your computer isn't recording each PGP or RSA private key you generate? S a n d y ssandfort@attmail.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
_________________________________________________________________ FROM THE VIRTUAL DESK OF SANDY SANDFORT ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ I'm relatively new to the list, so this may be an idea that's already been dealt with. If so, please let me know off-line.
PGP was created as an end-run to legislation that would have mandated trapdoors in all encryption hardware/software sold in the U.S. Fortunately, such legislation has been defeated to date.
How do we know the proposed legislation wasn't just a smoke screen? Isn't it possible that the Feds have already compromised Intel or MicroSoft? Is there some way to be sure that the new 486 chip running your computer isn't recording each PGP or RSA private key you generate?
S a n d y ssandfort@attmail.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Actually I would like to respond to this one, from a technical level silicon compilers use a process known as auto_insert logic, this a a process where known gate libraries are automatically inserted in the design of a chip, a gate level trapdoor may then be created by designing a multiple level interdiction program, (virus tech immediately came to mine on this one do to my work in both the MS-DOS and Unix virus/security area, the first attack is on the base OS that the OS for the cad package, generally its some variety of Unix(tm), next the CAD package that manages the chip design, and finally the silicon compiler itself, now while all these steps are essentially trivial to an informed engineer in the business they are essntially opaque to those outside of the design/foundry end for chip design, could they be attacked in this fashion to create a gate level backdoor ??? With a modest investment intime and money by an attacker no,doubt if he subverts an engineer on the project of interest.,-- whish could be at the CAD software ivendor, the OS vendor for the cad platform, now while design verification techniques are used in most chip houses it should be relatively trivial to bypass that given the complexity of todays designs... is it possible?? damn right, Has it happened yet ??? I wouldnt know you tell me... I worked on the CAD end, the OS end, and the Silicon compiler end as well as having the skills needed to the the open holes in the whole process... finding out a chip design had been compromised wouldnt surprise me in the least... A Chip level backdoor to reach into the middle of a running systems and grab public keys is another magnitutde of complexity above what we are discussing on the gate level... is it possibile? most certainly... It would cost immensely however, and would require the coorperation or subversion of several steps in the chain A LOT more code has to be hidden in those auto_insert libraries and the design verification process has to be MUCH more widely compromised, and I believe performance hits WOULD be detectable at the end user level WHAT do YOU think cheers kelly
participants (2)
-
kelly@netcom.com
-
ssandfort@attmail.com