Florian Weimer <[EMAIL PROTECTED]> writes:
> * Perry E. Metzger:
>> Marcos el Ruptor <[EMAIL PROTECTED]> writes:
>>> Nonsense. Total nonsense. A half-decent reverse engineer does not
>>> need the source code and can easily determine the exact operation of
>>> all the security-related components from the compiled executables,
>>> extracted ROM/EPROM code or reversed FPGA/ASIC layout
>> I'm glad to know that you have managed to disprove Rice's
>> Theorem.
> Call me a speciest, but it's not clear if Rice's Theorem applies to
> humans.

If it doesn't apply to humans, that implies that humans are somehow
able to do computations that Turing Machines can't. I am sufficiently
skeptical of that to say, flat out, I don't believe it. If anything,
Turing Machines are more capable -- humans are only equivalent to
(large) finite state machines.

> While Marcos' approach is somewhat off the mark ("source-code
> equivalent that works for me" vs. "conformance of potentially
> malicious code to a harmless spec"), keep in mind that object code
> validation has been performed for safety-critical code for quite a
> while.

Certainly. You can use formal methods to prove the properties of
certain specially created systems -- the systems have to be produced
specially so that the proofs are possible. What you can't do in
general is take an existing system and prove security properties after
the fact.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to