On Thu, 29 Jan 2009, John Gilmore wrote:
> If it comes from the "Trusted Computing Group", you can pretty much
> assume that it will make your computer *less* trustworthy.  Their idea
> of a trusted computer is one that random unrelated third parties can
> trust to subvert the will of the computer's owner.

Indeed, the classic question is "I've just bought this new computer
which claims to have full-disk encryption.  Is there any practical
way I can assure myself that there are (likely) no backdoors in/around
the encryption?"

For open-source software encryption (be it swap-space, file-system,
and/or full-disk), the answer is "yes":  I can assess the developers'
reputations, I can read the source code, and/or I can take note of
what other people say who've read the source code.

Alas, I can think of no practical way to get a "yes" answer to my
question if the encryption is done in hardware, disk-drive firmware,
or indeed anywhere except "software that I fully control".

-- Jonathan Thornburg <jth...@astro.indiana.edu>
   Dept of Astronomy, Indiana University, Bloomington, Indiana, USA
   "Washing one's hands of the conflict between the powerful and the
    powerless means to side with the powerful, not to be neutral."
                                      -- quote by Freire / poster by Oxfam

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Reply via email to