[Cryptography] God Mode backdoors

Ray Dillinger bear at sonic.net
Sat Aug 18 14:57:27 EDT 2018



On 08/18/2018 08:44 AM, Bill Frantz wrote:
> On 8/17/18 at 7:24 PM, bear at sonic.net (Ray Dillinger) wrote:
> 
>> If you really want to do crypto without backdoors, I think you have very
>> few options, and even fewer practical options.
>>
> The big question with any approach is where is the plain-text secret
> kept. If it is on an Internet connected computer, game over, you lose.


The real problem is that we have now seen that the stack of things
you can't trust goes all the way to the bottom of the pile, and
therefore have cause to question whether working on computer security
even has any point.

There was a time you could inspect the source code and think that you
were sure of no deliberate backdoors.  But now you can only inspect the
source code and say that you don't think the backdoors are in the code.

The problem is the code is what we can work with.  We don't get access
to the chip fab process.  Even if the manufacturers let people examine
some chip masks there is no way for us to be sure that the chips they
are actually selling were made from that version of the mask.

Modern chip fabs cost in the $Billions and that means they are few and
the people in charge of them very much under the thumb of whatever
authorities are in charge in their area.  Chip fabs are assets which can
be seized if their owners don't kowtow, and most people don't want to
lose something worth $Billions.

And so every router from China has a chip-level backdoor that allows
Chinese government access.  And every switch from where they do the
board assembly in Taiwan has a BIOS-level backdoor that allows Taiwanese
government access.  And every computer from Intel is made according to
masks made in the USA and has backdoors for US government access.  And
so on.

And now that we understand this, do we throw up our hands and leave in
disgust, despairing of ever getting hardware rid of all the saboteurs so
that it would be worthwhile even to *TRY* to write secure software?

Because, as Bill points out, sooner or later we want the plaintext, and
if it's going to be routinely secure, we want it on an
internet-connected device.

			Bear


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20180818/6c245b8a/attachment.sig>


More information about the cryptography mailing list