<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Wed, Dec 18, 2013 at 2:46 AM, ianG <span dir="ltr"><<a href="mailto:iang@iang.org" target="_blank">iang@iang.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im"><br></div>
Yep. I think mine was grad level but I did it as undergrad. And, yes, we built a computer, and wrote a microcoded instruction set. A lot of fun. I'll admit my knowledge is way out of date tho, this was back in '83, the sophistication of what is now done in microcode has way eclipsed my understanding.</blockquote>
<div><br></div><div>Some chips have microcode on microcode. The DEC Alpha even let the operating system write instructions into the microcode (this allowed the chip to emulate the VAX four ring security system).</div><div>
<br></div><div>It would be difficult to smuggle code to bork the RNG into the microcode. But getting a backdoor in there that could allow the O/S to do the borking might be rather easier. In fact that is the only way that a mass manufactured chip could credibly bork a RNG whose design might be changed after the chip went to fab.</div>
<div><br></div><div>It is a long time since I read an instruction set for a CPU and I suspect I am not alone in that. Auditing a system down to the bare metal would be a big challenge.</div><div><br></div><div><br></div><div>
</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
As to whether the secret can be held, consider the story of DUAL_EC. That was a secret that Snowden knew, a contractor. </blockquote><div><br></div><div>Do we know this?</div><div><br></div><div>I thought that the evidence we had was an elliptic comment in a powerpoint slide that we have interpreted as being a smoking gun for the already suspect DUAL_EC_NRRNG (Not Really Random Number Generator)</div>
<div><br></div><div> <br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I draw from that, that a lot of people knew about the project. I also think that a certain amount of hubris affected the secrets sharing of the NSA over the last decade, they have done things that they promised would never come to light, and have been found out. E.g., somewhere it was reported that they got authorisation from Obama for Stuxnet on the promise that the secret would never come out.<br>
</blockquote><div><br></div><div>The code word is NOBUS 'Nobody But US'. </div><div><br></div><div>But I have it on authority that Snowden has changed the calculation. The insider risk means that the risk of disclosure is now very high, possibly as high as 1.0. That means far fewer NOBUS plans can be approved.</div>
<div> <br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Consider also Olympic Games. That secret must have been shared by many hundreds, perhaps thousands, across multiple agencies & countries. Yet, the only way we found out was when the darn furriners found the samples and decided to ask around what they were.</blockquote>
<div><br></div><div>And might not have found out at all if the Israelis had not relaunched STUXNET with their own payload, or at least that is one story that NSA sources have tried to push.</div><div><br></div><div>Talking of which, one of the more surprising disclosures is that the NSA handed raw intercept traffic to Israel. So does this mean that US political organizations that are opposed to the Likud party policies have been spied on by their own government and the intelligence passed to their political enemies?</div>
<div><br></div><div>It certainly seems that the NSA didn't consider that possibility when they handed over the data. </div><div><br></div><div>It seems very likely to me that the NSA has been effectively intervening in domestic US politics and sabotaging the efforts of the Boycott, Sanctions and Disinvestment movement. </div>
<div><br></div><div>What other political causes are they using their powers to tip the scales? Mexico is pretty unhappy with the lack of US gun control laws, is the NSA sharing raw intelligence with Mexico to help fight the war on drugs? Which other countries are in the 'swapsies' club.</div>
<div><br></div><div><br></div><div>During the Reagan administration the CIA handed Saddam Hussein a list of the major opposition leaders who were promptly murdered. Handing over raw intelligence seems to me to be a way to achieve the same effect with more plausible deniability.</div>
<div><br></div><div><br></div></div><div><br></div>-- <br>Website: <a href="http://hallambaker.com/">http://hallambaker.com/</a><br>
</div></div>