OpenSparc -- the open source chip (except for the crypto parts)
Florian Weimer
fweimer at bfk.de
Mon May 5 07:41:45 EDT 2008
* Perry E. Metzger:
> Marcos el Ruptor <ruptor at cryptolib.com> writes:
>> Nonsense. Total nonsense. A half-decent reverse engineer does not
>> need the source code and can easily determine the exact operation of
>> all the security-related components from the compiled executables,
>> extracted ROM/EPROM code or reversed FPGA/ASIC layout
>
> I'm glad to know that you have managed to disprove Rice's
> Theorem.
Call me a speciest, but it's not clear if Rice's Theorem applies to
humans.
While Marcos' approach is somewhat off the mark ("source-code
equivalent that works for me" vs. "conformance of potentially
malicious code to a harmless spec"), keep in mind that object code
validation has been performed for safety-critical code for quite a
while. The idea is that code for which some soundness property cannot
be shown simply fails validation. It doesn't matter if the validator
is not clever enough, or if the code is actually bogus.
(And for most (all?) non-trivial software, source code acquisition
costs are way below validiation costs, so public availability of
source code is indeed a red herring.)
--
Florian Weimer <fweimer at bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list