[Cryptography] cheap sources of entropy
Bill Frantz
frantz at pwpconsult.com
Mon Jan 20 16:05:00 EST 2014
On 1/20/14 at 9:13 AM, crypto.jmk at gmail.com (John Kelsey) wrote:
>The problem is, nobody makes *everything* they use. A
>sufficiently resourceful attacker might attack your device on
>all kinds of levels, and you can't possibly check them all
>yourself. This has even been worked out by people with s lot
>of resources--classified systems apparently use a lot of off
>the shelf components now, for economic reasons. The folks who
>run those systems would love to be paranoid enough to verify
>everything in their system, but they can't--it would cost too much.
Hmm, 12AX7s cost about $15 and burn a bunch of power. How many
do I need to perform useful computation? Using the LGP-30
computer as an example, not very many. In any case, there is
probably a simple enough technology where concerns about back
doors devolve into pure paranoia. Of course this approach
doesn't scale to high performance, so we can't use it. :-)
>I spent some time running through this with e-voting...
Note that paper and human voting systems have been successfully
attacked. My favorite attack occurred in Chicago in the mid-20th
century. Ballot counters from one party glued pencil leads under
their fingernails. When they counted a ballot for the "wrong"
candidate, they marked an X for the correct candidate as well,
thereby invalidating the ballot.
Cheers - Bill
-----------------------------------------------------------------------
Bill Frantz |Security, like correctness, is| Periwinkle
(408)356-8506 |not an add-on feature. - Attr-| 16345
Englewood Ave
www.pwpconsult.com |ibuted to Andrew Tanenbaum | Los Gatos,
CA 95032
More information about the cryptography
mailing list