[Cryptography] [FORGED] Attackers will always win, and it's getting worse!

[Peter Gutmann]

Thierry Moreau <thierry.moreau at connotech.com> writes:

>The problem with this model is that the integrity of the loaded algorithm
>implementation (and the loading media) is very hard to support by sufficient
>evidence.

The NSA control the supply chain and can institute whatever measures they feel
appropriate to provide the assurance they require.  That's the point, they have
the luxury to be able to decide to use whatever they feel is appropriate,
rather than the cheapest Arm core they can buy from a Chinese vendor augmented
by a toolchain they downloaded off the Internet and a patched BSP one of their
developers found on ftp.virusbucket.ru.

Peter.