Perry E. Metzger wrote:
What you can't do, full stop, is
know that there are no unexpected security related behaviors in the
hardware or software. That's just not possible.
Ben Laurie wrote:
Rice's theorem says you can't _always_ solve this problem. It says
nothing about figuring out
On May 6, 2008, at 1:14 AM, James A. Donald wrote:
Perry E. Metzger wrote:
What you can't do, full stop, is
know that there are no unexpected security related behaviors in the
hardware or software. That's just not possible.
Ben Laurie wrote:
Rice's theorem says you can't _always_ solve
but also a proof that the source code one has is the source of the
implementation.
This is an unsolved problem for code in tamper-resistant devices. There are
precious few procedures to, for example, determine that the CAC card that
was issued to Pfc. Sally Green this morning bears any
At Sun, 04 May 2008 20:14:42 -0400,
Perry E. Metzger wrote:
Marcos el Ruptor [EMAIL PROTECTED] writes:
All this open-source promotion is a huge waste of time. Us crackers
know exactly how all the executables we care about (especially all
the crypto and security related programs) work.
* Perry E. Metzger:
Marcos el Ruptor [EMAIL PROTECTED] writes:
Nonsense. Total nonsense. A half-decent reverse engineer does not
need the source code and can easily determine the exact operation of
all the security-related components from the compiled executables,
extracted ROM/EPROM code
Perry E. Metzger wrote:
Marcos el Ruptor [EMAIL PROTECTED] writes:
To be sure that implementation does not contain back-doors, one needs
not only some source code but also a proof that the source code one
has is the source of the implementation.
Nonsense. Total nonsense. A half-decent reverse
Ben Laurie [EMAIL PROTECTED] writes:
I think that's blatantly untrue. For example, if I look at an AND
gate, I can be absolutely sure about its security properties.
An AND gate isn't Turing Equivalent.
Rice's theorem says you can't _always_ solve this problem. It says
nothing about figuring
Florian Weimer [EMAIL PROTECTED] writes:
* Perry E. Metzger:
Marcos el Ruptor [EMAIL PROTECTED] writes:
Nonsense. Total nonsense. A half-decent reverse engineer does not
need the source code and can easily determine the exact operation of
all the security-related components from the
Nonsense. Total nonsense. A half-decent reverse engineer does not
need the source code and can easily determine the exact operation of
all the security-related components from the compiled executables,
extracted ROM/EPROM code or reversed FPGA/ASIC layout
I'm glad to know that you have managed
On Thu, 1 May 2008, zooko wrote:
I would think that it also helps if a company publishes the source
code and complete verification tools for their chips, such as Sun has
done with the Ultrasparc T2 under the GPL.
To be sure that implementation does not contain back-doors, one needs
not only
To be sure that implementation does not contain back-doors, one needs
not only some source code but also a proof that the source code one
has is the source of the implementation.
Nonsense. Total nonsense. A half-decent reverse engineer does not
need the source code and can easily determine
Marcos el Ruptor [EMAIL PROTECTED] writes:
To be sure that implementation does not contain back-doors, one needs
not only some source code but also a proof that the source code one
has is the source of the implementation.
Nonsense. Total nonsense. A half-decent reverse engineer does not
12 matches
Mail list logo
