Closed CPU's and Fabs Untrustworthy

juan juan.g71 at gmail.com
Fri Jun 17 21:28:24 PDT 2016


On Fri, 17 Jun 2016 21:09:21 -0500
Anthony Papillion <anthony at cajuntechie.org> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> 
> On 6/17/2016 6:05 PM, juan wrote:
> > On Fri, 17 Jun 2016 13:52:38 -0500 Anthony Papillion 
> > <anthony at cajuntechie.org> wrote:
> > 
> >> 
> >> There's value in running security software on a compromised 
> >> system because it helps to stop /mass/ surveillance.
> > 
> > Does it? Your servers are compromised and so are your 'SSL' 
> > connections...your tor routers are obviously compromised...any 
> > system used to defend against mass surveillance that you run on 
> > compromised hardware is...compromised.
> 
> Yes it does. Because before Snowden, they were basically capturing
> data right off the wire in many cases. 


	And now more people turned https on? So the gov't now has to
	steal keys? And how hard could it be to steal keys when all
	Intel/AMD processors are backdoored?
 

	Also, you say "before Snowden", but it just so happens that
	there were people giving the game away before Snowden did:

	This is from 2006

	https://en.wikipedia.org/wiki/Room_641A 

	


> They were passive. It just
> flowed right into their filters. Compromised hardware doesn't stop
> them from getting your data in all cases, but it makes them work a
> little more for it. They can't just sit on the wire and collect it
> because they have to address the differences in each compromised
> system. They have to seek you out instead of sucking it all in.


	Yes, they now have to work more. But the million dollar
	question is how much more.



> 
> I don't have a problem with targeted surveillance. For example, if the
> police believe (with good reason) that someone is plotting to bomb the
> White House, I believe they should absolutely have the right and the
> tools to monitor that person. 

	And I believe that blowing up the white house and its contents
	is an act of justice ;)


> That surveillance should stop the moment
> they either have enough to make an arrest or they realize they are
> wrong. Do you believe that no surveillance should happen at all for
> any reason? You believe that's reasonable?

	This being the cpunks mailing list I think it's reasonable to
	subscribe to libertarian anarchism and correctly see the
	government as the biggest criminal organization in town 
	and having zero legitimacy. So I don't think that anything the
	gov't does is reasonable (OK, defense of person and property
	would be reasonable IF they only did that, which is
	virtually impossible or a 'utopia')


> 
> >> It's that innocent people are getting caught in a dragnet and 
> >> that information could be used against them later.
> > Aren't they 'innocent'? If they are 'innocent' they 'have nothing 
> > to hide'.
> 
> I don't subscribe to that belief so please don't put words that I
> didn't say or assume beliefs that I haven't expressed. People who are
> caught in the surveillance dragnet /may/ be innocent of any crime or
> they might not be. We really don't know, do we? 


	We don't. My point is, if one believes the government is
	good and it catches the bad guys, then why would one 
	object to mass surveillance?  


> I'm sure that some of
> the information the agencies have gathered /do/ involve people who are
> guilty of crimes and the data might prove it. Some, probably most,
> don't. 

	'crimes' as defined by the government? Like smoking pot or gay
	sex?

	 But again,  the gov't uses mass surveillance. They discover
	 'criminals', which is allegedly good, while the innocent under
	 surveillance don't suffer any harm (they don't even know they
	 are being spied on). What's the objection to mass surveillance
	 then? 



> 
> Also, I don't subscribe to the bs about 'if you have nothing to hide,
> you have nothing to fear'. 


	Why not? The government is good. Why shouldn't they know
	everything, in order to 'prevent' crimes and find 'criminals'? 



> Taking precautions to protect privacy
> should never be taken as evidence of guilt. I'm not ashamed of my
> naked body and there are times when I might even have no problem
> walking in front of a window naked. But there are also times when I
> want privacy and will draw my blinds. I don't hide the fact that I use
> the bathroom but that won't stop me from closing the door when I go
> in. In both of those cases, I'm not hiding anything. I'm exercising a
> right to /privacy/. My privacy, when I am not committing a crime that
> harms others, should /always/ be under my control.


	Right to privacy, sounds reasonable to me, but the government
	can claim that 'national security' trumps it. Or something.



> >> And the few that are likely don't have the money to bring up
> >> what it takes to do it. It's not like this is going to be
> >> bootstrapped by a Kickstarter.
> > 
> > 
> > Actually, it seems exactly like the kind of project that 
> > could/should be 'crowdfunded'.
> > 
> > What's the 'minimum order' when dealing with something like TSMC ?
> > 
> OK, so I'll retract my statement above. Maybe this could be crowd
> sourced. But again, how do we guarantee fab security? 


	That is of course a good question...My answer is "I don't have
	the slightest idea" - grarpamp? 

	But at least the design and fabrication of micros seems doable.
	Not only that, there are a few designs already created...

	https://en.wikipedia.org/wiki/LEON
	https://en.wikipedia.org/wiki/LatticeMico32
	https://en.wikipedia.org/wiki/RISC-V
	https://en.wikipedia.org/wiki/S1_Core
	https://en.wikipedia.org/wiki/OpenSPARC




> If a company has
> to crowdfund a small number of chips, do you really think they are
> going to have the money to set up fab operations that they can closely
> audit and control?


	Building a fab isn't an option - at least not a 5 billion,
	state of the art fab. What can realistically be crowdfunded is
	the manufacturing of chips at one of the fabs that do that kind
	of work.


> 
> No, you're very right that they didn't. New attacks are being
> developed right now against vulnerabilities and backdoors we haven't
> even discovered yet. And the attacks get better and better especially
> when the companies collude with the government. It's not going to
> magically get better through simply knowing about how bad it is. That
> wasn't my point. 

	I see.


> But what can happen is larger and larger groups of
> people (who control the money that places like Intel are rather fond
> of) standing up and saying "we can't trust you so we're going
> elsewhere". Critical mass is needed to make a difference not just a
> few geeks ranting on Internet forums and mailing lists. We don't have
> the market moving power that a larger group does. That's why making
> people aware and actually agitating the situation is so important.

	
	Yes, if enough people stopped buying stuff from Intel, they
	might get worried. But how many people are we talking about?
	Tens of millions? More? Is it easier to convince that many
	people to boycott Intel, or is it easier to manufacture open
	source processors for a smaller market more interested in
	security? 


> 
> >> Perfect is the enemy of good. If the spooks don't go after one 
> >> person because it would take more personalized resources than 
> >> simply catching them in a dragnet, that security has worked. We 
> >> don't need 'perfect'. We need 'good enough'.
> > 
> > 
> > 'good enough' requires working hardware, not hardware remotely 
> > controlled from washington.
> 
> No it doesn't. Good enough, in this case, means getting a bit of
> breathing room for people while the geeks figure out how we back the
> government off technically. Until they can't technically control every
> single piece of hardware, at least make it as hard as possible for
> them to control it. 


	Yeah, but in this particular case I don't see how software is
	going to do any damage control when 

	"the ME is capable of accessing any memory region without the
	main x86 CPU knowing about the existence of these accesses. It
	also runs a TCP/IP server on your network interface"



> Sure, it's not solving the problem entirely but
> you have to admit it's going to protect some people who would
> otherwise get caught up in a dragnet. Their data isn't there anymore.
> 
> Don't get me wrong, I am 100% behind making hardware secure. But we
> can't be so focused on absolute security with no compromise that we
> /only/ work on that and leave everything wide open until we have
> absolute. 


	Yes, agreed. But what seems to have happened so far is that
	the majority of efforts have been directed at the software side
	of things. 

	

> That's kind of like "well, we think the NSA might be able to
> break TLS by asking for our private key so we'll just keep using HTTP
> until we develop a way where having our private key doesn't matter".
> You do what you can and then you refine it closer and closer to
> perfection.
> 
> Shit, I write a lot...
> 
> Sorry :)

	no worries =P




> -----BEGIN PGP SIGNATURE-----
> 
> -----END PGP SIGNATURE-----




More information about the cypherpunks mailing list