[122536] in cryptography@c2.net mail archive
Re: OpenSparc -- the open source chip (except for the crypto parts)
daemon@ATHENA.MIT.EDU (Ben Laurie)
Mon May 5 19:55:43 2008
Date: Mon, 05 May 2008 12:05:01 +0100
From: Ben Laurie <ben@links.org>
To: "Perry E. Metzger" <perry@piermont.com>
CC: Marcos el Ruptor <ruptor@cryptolib.com>,
Cryptography <cryptography@metzdowd.com>
In-Reply-To: <87r6chmwst.fsf@snark.cb.piermont.com>
Perry E. Metzger wrote:
> Marcos el Ruptor <ruptor@cryptolib.com> writes:
>>> To be sure that implementation does not contain back-doors, one needs
>>> not only some source code but also a proof that the source code one
>>> has is the source of the implementation.
>> Nonsense. Total nonsense. A half-decent reverse engineer does not
>> need the source code and can easily determine the exact operation of
>> all the security-related components from the compiled executables,
>> extracted ROM/EPROM code or reversed FPGA/ASIC layout
>
> I'm glad to know that you have managed to disprove Rice's
> Theorem. Could you explain to us how you did it? I suspect there's an
> ACM Turing Award awaiting you.
>
> Being slightly less sarcastic for the moment, I'm sure that a good
> reverse engineer can figure out approximately what a program does by
> looking at the binaries and approximately what an ASIC does given
> good equipment to get the layout. What you can't do, full stop, is
> know that there are no unexpected security related behaviors in the
> hardware or software. That's just not possible.
I think that's blatantly untrue. For example, if I look at an AND gate,
I can be absolutely sure about its security properties.
Rice's theorem says you can't _always_ solve this problem. It says
nothing about figuring out special cases.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.links.org/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
