Old PC as Hardware Security Module?

Casey Jones groups at caseyljones.net
Tue May 15 10:24:47 CEST 2007


Robert J. Hansen wrote:
> I apologize if I sound terse here, but this conversation has (IMO)  
> jumped the shark.
> 
>> But how can we be confident?
> 
> Cf. Thompson, K. _Reflections on trusting trust_.  Comm. ACM 27, 8  
> (Aug. 1984), 761-763.
> 
> A digital version of it is currently available at http://www.acm.org/ 
> classics/sep95/, but links tend to be ephemeral, so read it while you  
> can.
> 
> Once you've read it, decide whether you can even trust the compiler  
> you're using to compile GnuPG.  Finally, come back here and see  
> whether that same logic can be used to decide whether to trust GnuPG.
> 
> If you're chasing a neverending shadow of "well, someone might attack  
> the system this way...", you're ultimately left hand-hacking machine  
> instructions for a low transistor count chip whose design you have  
> personally validated and lithographed onto a sliver of six-nines pure  
> silicon you smelted yourself.
> 
> That's what lies at the bottom of this rabbit hole.

But how do you know they didn't use quantum mechanics to compromise the 
silicon atoms?

Seriously though, that's a classic paper but what are you saying? If 
you're using gpg then you're not trusting nothing. It would be pointless 
to use gpg if you haven't decided that it is worthy of at least some 
significant level of trust. Is it not legitimate then to discuss what 
level of trust it deserves and what level of trust is sufficient for 
what purpose?

Often times it is worth it to put trust in something even if it isn't as 
trustworthy as you would like. The people that were using the Java 
Anonymous Proxy may have decided that the benefits outweighed the risks. 
If JAP users had known that the German government could legally compel 
the JAP developers to secretly compromise the system, would that be a 
significant factor in deciding whether to use it or use something else?

If the German government can legally compel the distributors of the 
OpenPGP Card to secretly compromise it, would that be a significant 
consideration in deciding whether to use it or switch to something open 
source? Is it really unreasonable of me to ask such questions?



More information about the Gnupg-users mailing list