[7193] in cryptography@c2.net mail archive
Re: NSA back doors in encryption products
daemon@ATHENA.MIT.EDU (David Honig)
Thu May 25 23:57:16 2000
Message-Id: <3.0.6.32.20000525091247.007f2580@pop.sprynet.com>
Date: Thu, 25 May 2000 09:12:47 -0700
To: Jim Choate <ravage@einstein.ssz.com>,
Eugene Leitl <eugene.leitl@lrz.uni-muenchen.de>
From: David Honig <honig@sprynet.com>
Cc: Rick Smith <rick_smith@securecomputing.com>,
"Arnold G. Reinhold" <reinhold@world.std.com>,
John Gilmore <gnu@toad.com>, cryptography@c2.net, gnu@cygnus.com
In-Reply-To: <Pine.LNX.3.96.1000524184144.30672K-100000@einstein.ssz.com
>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
At 06:42 PM 5/24/00 -0500, Jim Choate wrote:
>
>On Wed, 24 May 2000, Eugene Leitl wrote:
>>The prudent assumption is hence: your online system
>> can't be completely trusted, whether OpenSource, or not. Encryption
>> should be done in hardware.
>
>Bull, the hardware companies aren't any more trustworthy.
No but their product is less mutable.
And actually you can reverse engineer hardware. Firms do it
commercially every day.
While a cipher is great in hardware, ciphers don't
change --they don't track 'standards' like protocols. More and
more crypto- (and other) hardware contains firmware in changable locations.
More convenient (upgrades, fixes) that way, of course. But
subvertable.
Your data still goes through an operating system, etc., so the
real issue is a closed system: encrypt on a PDA which is under your
close personal control and does not download new executables. Let your
untrustworthy networked-PC be merely its gateway.
