[118107] in Cypherpunks
RE: Anonymous Remailers
daemon@ATHENA.MIT.EDU (Lucky Green)
Mon Sep 20 01:34:44 1999
From: "Lucky Green" <shamrock@cypherpunks.to>
To: <cypherpunks@cyberpass.net>
Date: Sun, 19 Sep 1999 22:22:39 -0700
Message-ID: <NDBBIFGOKODBCKDGJDKLCEEKCHAA.shamrock@cypherpunks.to>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
In-Reply-To: <199909200401.GAA06011@mail.replay.com>
Reply-To: "Lucky Green" <shamrock@cypherpunks.to>
Anon wrote:
> > It seem possible (maybe even probable) that the boxes have been "black
> > bagged" so the operators wouldn't suspect anything. We're talking
> > about organizations that have *billions* of dollars and are extremely
> > sophisticated both technologically & operationally.
>
> Good point. It's pretty ironic that cypherpunks descend into fits of
> paranoia at the thought of using a hardware RNG, but they're willing to
> blindly trust all kinds of network connected services.
I am starting to get sick of Anon's ignorant comments. My job title in my
day job is "Senior Security Specialist". I should be fired if I didn't
recommend to our customers to flat-out ignore an RNG for which only
post-whitening/normalization output is available. And this holds true
irrespective of any concerns about deliberate tampering. Only the most
incompetent individual would discount the possibility of bugs in software or
hardware. Reliability and security are not just a function of on careful
design, but even more so of exhaustive testing. If you can't test a system
component, you can't trust the system component. No conspiracy theories
need. End of story.
--Lucky
