I'd agree that a 100% paranoiac will never trust the hardware vendor either. Only one's own manufactured components should be used, in conjunction with md5/sha1 checksum evaluation and source code audit.
On 5 March 2012 at 17:00, Rudolf Leitgeb <rudolf.leit...@gmx.at> wrote:
> On Monday, 5 March 2012, 10:12:02, P P;Q Q P(P8P?P8Q P8P= wrote:
> > P.S. I'm not a paranoiac, but I respect people to be paranoiac if they want
> > to.
>
> You can be paranoid about the sources and binaries all you want, but you
> still don't know the CPU which executes all that code. Even if Intel/AMD
> would give you full access to their CPU blueprints, the chip foundry could
> add things you would not notice.
>
> That's the reason why companies which make secure encryption devices would
> never trust any CPU/OS combo. Depending on paranoia they offer you either
> an FPGA based solution or a hardwired one from logic ICs.
>
> And even if you create the most trusted device, using nothing but 100 year
> old relays and passive components, you are still prone to the "we will whack
> you with a wrench if you don't give me your keys" attack. Very, very
> effective.