I wrote
> 2. If you don't trust the hardware, then you shouldn't use it. Ever.
>
> It's really that simple: there's simply no way for software to be
> safe in the presence of malicious hardware. :(
>
> Indeed, there's no way for software to *detect* malicious hardware. :(
>
> See, for example, the classic paper
> @inproceedings{1996-1849,
> title={The Dark Side of "Black-Box" Cryptography, or: Should We Trust
> Capstone?},
> booktitle={CRYPTO},
> pages={89-103},
> authors={Adam Young and Moti Yung},
> year=1996
> url =
> "http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.54.616&rank=1";
> }
Sorry, that reference was a /dev/brain parity error on my part --
while an interesting paper, it discusses something a bit different.
> or the following brilliant rant by Henry Spencer from way back in the
> 20th century:
[[...]]
This is the "right" reference, which I think nicely addresses the OP's
question.
Sorry for the mixup,
--
-- "Jonathan Thornburg [remove -animal to reply]"
<[email protected]>
Dept of Astronomy & IUCSS, Indiana University, Bloomington, Indiana, USA
"Washing one's hands of the conflict between the powerful and the
powerless means to side with the powerful, not to be neutral."
-- quote by Freire / poster by Oxfam
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
