On Fri, Dec 17, 2010 at 4:53 PM, Bernie Cosell <ber...@fantasyfarm.com> wrote:
> On 17 Dec 2010 at 17:30, Peter Gutmann wrote:
>
>> ...There'll be no way to tell whether any of the dozens of
>> tweaks and changes are a backdoor or not. How would you tell whether
>> something like a cast "( uint32_t ) /* For Solaris 9 with the SunPro 4.2
>> compiler */" is a portability fix or a backdoor? If I wanted to backdoor
>> something, I'd go for private-key leakage in DLP PKCs, which are notoriously
>> bad in terms of leaking key bits if you even look at them funny.
>
> Of course, there's always the famous backdoor Ken Thompson put into the
> Unix login program:
>
> <http://scienceblogs.com/goodmath/2007/04/strange_loops_dennis_ritchie_a.php>
>
> I have no idea how you'd find that if you even suspected something was
> amiss.

The Thompson Turing Award acceptance speech was truly wonderful. However,
David Wheeler showed how to counter trojan horse attacks on compilers in
'Fully Countering Trusting Trust through Diverse Double-Compiling'
http://www.dwheeler.com/trusting-trust/

Interestingly enough, 26 years passed between the Thompson speech and the
dissertation by Wheeler.

--
Alfonso De Gregorio, blogs at http://Plaintext.crypto.lo.gy
BeeWise, Security Event Futures - http://beewise.org/