[Cryptography] This is why we have Stuxnet

Peter Gutmann pgut001 at cs.auckland.ac.nz
Mon Mar 21 23:26:25 EDT 2016


Perry E. Metzger <perry at piermont.com> writes:
>On Mon, 21 Mar 2016 05:59:26 +0000 Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
>
>>[Terrifying story of incompetence elided.]
>
>But you haven't let us in on who the vendor is.

I didn't want To poInt the finger at any particular vendor because many of the
others probably aren't that much better, and in terms of usability the
experience wasn't too bad, the hairy collection of Tcl scripts that runs
everything in the background does actually work and the debug experience isn't
that much more painful than a native build of the code (which is pretty
impressive for embedded).  They'll also sell you eval kits for a few tens of
dollars rather than $1,500 like many vendors do.  So ten out of ten for style,
but minus several million for good thinking.

Another thing with this particular SDK is that the whole thing seems to have
been assembled by people who are primarily hardware engineers (again, very
common in embedded, nice hardware, hacked-together software), so the hardware
is outstanding, really really well thought-out and designed [0], while the
software is held together with duct tape.

Peter.

[0] And I don't say that lightly.

