[117867] in Cypherpunks

home help back first fref pref prev next nref lref last post

chips, trust, waldoes, ultranoia etc.

daemon@ATHENA.MIT.EDU (Anonymous)
Mon Sep 13 17:50:54 1999

Date: Mon, 13 Sep 1999 23:22:35 +0200 (CEST)
Message-Id: <199909132122.XAA06864@mail.replay.com>
From: Anonymous <nobody@replay.com>
To: cypherpunks@algebra.com
Reply-To: Anonymous <nobody@replay.com>

At 09:16 AM 9/13/99 -0700, Tim May wrote:
>>There are a lot of people at the Fabs who need green cards.
>
>Paranoid, ignorant bullshit.
>
>Designs don't work this way. Fabs don't change designs. Even designers who
need green cards don't get to change designs.

You think all those 'Waldos' on chips were designed in?  

Ok, let me be more precise.  *Mask layout people* get the final say.
(They are the typesetters; Fabs are the presses,
chip designers the authors.  Authors skim galley proofs, and presses just
print what they're given.  The typesetter can have some fun.) 

Certainly you can do much more complex (devious) things
if you build in your back door at the HDL level.  But its
hard to trust something made by so many, no matter how
much the master chef talks about the freshness of ingredients.  Other cooks
could have poisoned the soup.

Not only the HDL, but the tools which generate the masks
from the HDL should be inspectable.  Not "Free", or "Open Source", etc.,
but inspectible.  Then you can, by regenerating and comparing, verify that
the production masks have no special undocumented features.

(Switching to s/ware) 
You think there's no way a microsoft security-systems 
programmer could be bought with patriotism and a carrot?
"Debugging code" and "forgot to remove it from the release" make
fine deniability.

If we could inspect the MS source, and run it through
their production compiler, we could compare bit by bit
for object level mods.   (This is in addition to 
a regular security analysis of the source itself)

For a chip, if we could inspect the HDL,
run it through Synopsys with the correct library and
settings, and get the masks we see on chip, we have
high assurance that the chip does what the source says it does
*and nothing else*.  (Of course assuring that the source code
does what the *specs* require, and that the specs require
the right thing, is another problem..)

-Wait til they see the bats...







  





home help back first fref pref prev next nref lref last post