Re: [Cryptography] trojans in the firmware
On Tue, Feb 24, 2015 at 8:53 PM, Jerry Leichter <leichter@lrw.com> wrote:
> On Feb 24, 2015, at 2:24 AM, Ryan Carboni <ryacko@gmail.com> wrote:
>> Fighting against a nation state using equipment you cannot design yourself or anyone you know could design... don't.
> But in fact you can't design or manufacture *everything*. Do you need control of your chips all the way back to mining the sand?
Aren't there really only a couple ways to solve this?

A) Somewhat similar to the IAEA, everyone pick their own trusted and knowledgeable people, then assemble everyone's people together with orders:
1) Respect whatever sovereign secrets you see [profits, design advantages, etc]
2) Just tell us what we want to know [do the chips that come out of the fab equal the designs that went into it, and are those designs free of trust issues]
This is complicated by needing to insert yourself into those legacy areas, as well as verify essentially that of B below.

B) Contact your favorite billionaires and pitch the case for a truly open fab. And yes, that could include starting from ...
> Do you need control of your chips all the way back to mining the sand? [...] build a computer out of [...] simple logic gates JK-flipflops
Since that tech is already discovered, it would just be an open rapid physical rebuild of history from transistor to today. Maybe that would take 10 years of dedicated work to create a trusted fab that matches today's tech and can replicate itself.

And if you think about it, it could be a profitable venture because if you did it right, you'd be able to openly and certifiably create trusted Orange Book / CC style hardware... something governments, large entities and even users have always wanted but haven't been able to obtain in affordable quantities and purposes.

This may be easier because there's no legacy to remediate. And there's no reason you couldn't manufacture private chips too, the only restriction being that terms that would compromise the fab are not allowed.

https://en.wikipedia.org/wiki/International_Atomic_Energy_Agency
https://en.wikipedia.org/wiki/Trusted_Computer_System_Evaluation_Criteria
https://en.wikipedia.org/wiki/Trusted_computing_base
http://cm.bell-labs.com/who/ken/trust.html
https://en.wikipedia.org/wiki/Backdoor_(computing)
https://en.wikipedia.org/wiki/Open-source_hardware
participants (1)
-
grarpamp