OpenSparc -- the open source chip (except for the crypto parts)

Florian Weimer fweimer at
Mon May 5 07:41:45 EDT 2008

* Perry E. Metzger:

> Marcos el Ruptor <ruptor at> writes:

>> Nonsense. Total nonsense. A half-decent reverse engineer does not
>> need the source code and can easily determine the exact operation of
>> all the security-related components from the compiled executables,
>> extracted ROM/EPROM code or reversed FPGA/ASIC layout
> I'm glad to know that you have managed to disprove Rice's
> Theorem.

Call me a speciest, but it's not clear if Rice's Theorem applies to

While Marcos' approach is somewhat off the mark ("source-code
equivalent that works for me" vs. "conformance of potentially
malicious code to a harmless spec"), keep in mind that object code
validation has been performed for safety-critical code for quite a
while.  The idea is that code for which some soundness property cannot
be shown simply fails validation.  It doesn't matter if the validator
is not clever enough, or if the code is actually bogus.

(And for most (all?) non-trivial software, source code acquisition
costs are way below validiation costs, so public availability of
source code is indeed a red herring.)

Florian Weimer                <fweimer at>
BFK edv-consulting GmbH
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list