On 2013-08-17 4:04 PM, Jon Callas wrote:
The problems run even deeper than the raw practicality. Twenty-nine years ago this month, in the August 1984 issue of "Communications of the ACM" (Vol. 27, No. 8) Ken Thompson's famous Turing Award lecture, "Reflections on Trusting Trust" was published. You can find a facsimile of the magazine article at <https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf> and a text-searchable copy on Thompson's own site, <http://cm.bell-labs.com/who/ken/trust.html>.
An attack such as that described by Ken Thompson is extremely brittle, narrowly targeted, and subject to rapid bitrot. It would only be used to target universally used and infrequently changing code - operating system code. Therefore, irrelevant for applications.
further, the attack is defeated, and potentially detected, by cross compilation, which happens all the time during operating system development.
_______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
