[tor-talk] [cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL

dan at geer.org dan at geer.org
Thu Apr 10 21:06:50 PDT 2014


 | 
 | And time to start building from source, examining source diffs, and
 | devising one's own stress tests.
 | 


http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=1565233

Countering trusting trust through diverse double-compiling

An Air Force evaluation of Multics, and Ken Thompson's famous Turing
Award lecture "Reflections on Trusting Trust," showed that compilers
can be subverted to insert malicious Trojan horses into critical
software, including themselves. If this attack goes undetected, even
complete analysis of a system's source code cannot find the malicious
code that is running, and methods for detecting this particular attack
are not widely known. This paper describes a practical technique, termed
diverse double-compiling (DDC), that detects this attack and some
compiler defects as well. Simply recompile the source code twice: once
with a second (trusted) compiler, and again using the result of the
first compilation. If the result is bit-for-bit identical with the
untrusted binary, then the source code accurately represents the binary.
This technique has been mentioned informally, but its issues and
ramifications have not been identified or discussed in a peer-reviewed
work, nor has a public demonstration been made. This paper describes the
technique, justifies it, describes how to overcome practical challenges,
and demonstrates it.
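The two-step procedure in the abstract, as an added example that is not part of the post or of Wheeler's paper: a miniature of diverse double-compiling in POSIX sh. The toy language is shell itself, and a toy "compiler" turns a source file into a standalone executable by prepending a header. The compiler names (toy-cc, alt-cc), file names, marker words and the constructed "login" program are all assumptions made for the demo; the subverted binary reproduces Thompson's attack in miniature so that the check has something to catch.

```shell
#!/bin/sh
# Added example, not code from the paper or the mailing-list post.
# toy-cc is the compiler under test; alt-cc is an independently written
# second compiler (the "trusted" one); cc_untrusted is what an attacker
# ships while claiming it was built from cc.sh.  All names are constructed.
set -u

# Write the published, clean source of toy-cc to $1.
write_toycc_source() {
  cat > "$1" <<'EOF'
#!/bin/sh
# toy-cc: "compiles" shell source $1 into executable $2
src=$1; out=$2
{ echo '#!/bin/sh'; echo '# built by toy-cc'; grep -v '^#!' "$src"; } > "$out"
chmod +x "$out"
EOF
  chmod +x "$1"
}

# Write alt-cc to $1: same job, different implementation (printf/sed,
# other variable names, other header).  Diversity is what makes it trusted
# relative to toy-cc: a trojan in one is unlikely to be in the other.
write_altcc() {
  cat > "$1" <<'EOF'
#!/bin/sh
# alt-cc: independently written toy compiler
in=$1; dst=$2
printf '#!/bin/sh\n# built by alt-cc\n' > "$dst"
sed '/^#!/d' "$in" >> "$dst"
chmod +x "$dst"
EOF
  chmod +x "$1"
}

# Write the subverted binary to $1, claimed to be toy-cc built from $2.
# It is the honest build plus two lines.  Line 1 copies every line tagged
# TROJAN from the running binary into any compiler it builds (so the
# trojan survives recompilation from clean source); line 2 plants a
# backdoor into anything that looks like a login program.
write_untrusted_cc() {
  { echo '#!/bin/sh'; echo '# built by toy-cc'; grep -v '^#!' "$2"
    cat <<'EOF'
grep -q toy-cc "$src" && grep 'TROJAN$' "$0" >> "$out" || : # TROJAN
grep -q login "$src" && echo 'echo "backdoor: attacker shell"' >> "$out" || : # TROJAN
EOF
  } > "$1"
  chmod +x "$1"
}

# ddc <trusted_cc> <cc_source> <binary_under_test>
# Stage 1: the trusted compiler compiles the source.  Stage 2: the stage-1
# result compiles the same source again.  Stage 2 is determined by the
# source alone (the trusted compiler's own output format drops out), so a
# bit-for-bit match with the binary under test shows the binary is what
# the source says it is.  Returns 0 on match, 1 on mismatch.
ddc() {
  work=$(mktemp -d)
  sh "$1" "$2" "$work/stage1"
  sh "$work/stage1" "$2" "$work/stage2"
  if cmp -s "$work/stage2" "$3"; then rc=0; else rc=1; fi
  rm -rf "$work"
  return $rc
}

# compiles_backdoor <compiler>: 0 if the compiler plants the backdoor into
# a harmless constructed login program, 1 otherwise.
compiles_backdoor() {
  work=$(mktemp -d)
  printf '#!/bin/sh\n# login: pretend to check a password\necho "login ok"\n' > "$work/login.sh"
  sh "$1" "$work/login.sh" "$work/login"
  if grep -q backdoor "$work/login"; then rc=0; else rc=1; fi
  rm -rf "$work"
  return $rc
}

# setup_scenario <dir>: cc.sh (source), cc_alt (trusted compiler),
# cc_clean (cc.sh compiled by itself) and cc_untrusted (subverted binary).
setup_scenario() {
  write_toycc_source "$1/cc.sh"
  write_altcc "$1/cc_alt"
  sh "$1/cc.sh" "$1/cc.sh" "$1/cc_clean"
  write_untrusted_cc "$1/cc_untrusted" "$1/cc.sh"
}

d=$(mktemp -d); setup_scenario "$d"
ddc "$d/cc_alt" "$d/cc.sh" "$d/cc_clean"     && echo "cc_clean: stage-2 build matches the binary"
ddc "$d/cc_alt" "$d/cc.sh" "$d/cc_untrusted" || echo "cc_untrusted: MISMATCH, binary is not what cc.sh says"
compiles_backdoor "$d/cc_untrusted"          && echo "cc_untrusted plants a backdoor into login"
rm -rf "$d"
```

Note what the mismatch does and does not tell you: DDC shows that cc_untrusted was not produced from cc.sh, but it does not say which extra bytes are the trojan; that is the point at which source diffs and a stress test of the suspect binary, as the quoted reply suggests, take over. The check also presumes the compiler under test is deterministic; timestamps or randomised layout in the real build would have to be pinned first, or every binary would "fail".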



