Peter Lebbing <pe...@digitalbrains.com> wrote: >On 02/12/13 20:37, Andreas Schwier (ML) wrote: >> Wait a second - you can not simply hide a backdoor in a Common >Criteria >> evaluated operating system. There are too many entities that would >need >> to be involved in the process > >Why couldn't the manufacturer simply put a different, backdoored >firmware in the >card ROM than the one they showed to the other entities? Are those >other >entities physically examining the ROM mask of the final product or >somehow >bypassing the code protection and reading out the flash ROM?
On that note, why assume that the manufacturer would not do the opposite: feign helping the spy agency by giving them a compromised ROM and then substituting a secure one on the real product. In either case, we are assuming the company would try to supply different bodies with different ROMs. It is not that the mentioned scenario is impossible. It is that it just seems like too much effort to be made by a company that has no benefit in such duplicity. Cheers, --Paul -- PGP: 3DB6D884 _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
