[5733] in cryptography@c2.net mail archive
Re: having source code for your CPU chip -- NOT
daemon@ATHENA.MIT.EDU (Martin Minow)
Thu Sep 23 08:31:52 1999
Date: Wed, 22 Sep 1999 22:26:05 -0700
From: Martin Minow <minow@pobox.com>
In-reply-to: <v0311076ab40eb366c0ef@[207.92.173.117]>
To: Bill Frantz <frantz@netcom.com>, Arnold Reinhold <reinhold@world.std.com>,
John Gilmore <gnu@toad.com>,
William Allen Simpson <wsimpson@greendragon.com>
Cc: cryptography@c2.net
Message-id: <v04210102b40f68d103d7@[63.193.122.223]>
MIME-version: 1.0
Content-type: text/plain; charset="us-ascii" ; format="flowed"
At 9:26 AM -0700 9/22/99, Bill Frantz wrote:
>
>My own approach would be to audit the generated code. In KeyKOS/370, we
>"solved" the problem by using an assembler which was written before KeyKOS
>was designed. (N.B. KeyKOS/370 was written in 370 Assembler H).
>
Yeah, but 370 Assembler H had a very extensive macro facility and
you could hide all kinds of weird stuff in 370 code. Not too many
folk left around who can read it.

I have a copy of Decus C (Open Source PDP-11 C) lying around and
wrote enough of its compiler and code generator to know what it can
and cannot do, in case anyone is interested. The entire source code
of the C compiler is small enough to sight-verify in about a man-month.
A "Small C" compiler (see early issues of Dr. Dobb's) can be implemented
in about 3 man-months and ought to be good enough for crypto work.

Martin Minow
minow@pobox.com

[And then how do you trust your assembler? Or the compiler and
assembler you compiled the C compiler on? And the linker? If you
really try hard enough on all this, you find yourself smack dab in
front of Kurt Goedel's door, and he tends to have unpleasant news for
visitors who come to him looking for solace.

And of course, once you've done all this lovely work, the NSA comes in
and puts a microscopic bug into your keyboard cable in the night, or
replaces your hand-verified assembler executables, or...

I suggest that in practical terms, one has to set some reasonable
limits on what one is willing to do to overcome risk. Paranoia is a
potential source of infinite work, but there is only a finite amount
of work one can do in a given lifetime. That is not to say that *some*
paranoia isn't of value, but perfect paranoia results in a perfect
absence of progress on one's projects.
--Perry]