Re: IBM to build crypto-on-a-chip into all its PCs

1999-09-30 Thread Damien Miller

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, 29 Sep 1999, William H. Geiger III wrote:

 
> > If you do not trust the crypto processor then you should throw the whole
> > machine out - there are *so* many other ways that IBM could have
> > compromised the system.
>
> So you suggest the head in the sand approach? There are so many different
> ways a system can be compromised so we will just ignore them all? Surely
> you are not naive enough to blindly trust someone's crypto black box just
> because they say it's secure?

Surely you are not naive enough to blindly trust someone's black
box of a CPU just because they say it does not contain trapdoors?

This applies even more so for operating systems. Have you audited
every line of Warp 4.0? Of course not, but you are willing to rant
about the alleged insecurity of a crypto chip by the very same vendor.

You don't see the inconsistency?

Regards,
Damien Miller

- --
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.ilogic.com.au/~dmiller
| Email: [EMAIL PROTECTED] (home) -or- [EMAIL PROTECTED] (work)


-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE38t6QormJ9RG1dI8RAguOAKCa5hMRymU0i+dq31qR/Vseobmc8gCfegXY
80q/C5xn1dVVDcBNoSJ4yoU=
=8iQs
-END PGP SIGNATURE-




Re: IBM to build crypto-on-a-chip into all its PCs

1999-09-29 Thread William H. Geiger III

In v04210101b41578834ee3@[204.167.100.139], on 09/27/99 
   at 03:41 PM, Robert Hettinga [EMAIL PROTECTED] said:

> Probably IBM will first want to see how attractive the technology is to
> punters. At least the approach of using an ancillary encryption chip
> should keep IBM safe from the nightmare Intel faced when it attempted to
> railroad CPU ID numbers on users.


No Code == No Trust!

This has all the security/trust problems that Intel's RNG does and more. I
wouldn't touch this thing with a ten foot pole.


 
---
William H. Geiger III  http://www.openpgp.net
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 5.0 at: http://www.openpgp.net/pgp.html
Talk About PGP on IRC EFNet Channel: #pgp Nick: whgiii

Hi Jeff!! :)
---




Re: IBM to build crypto-on-a-chip into all its PCs

1999-09-29 Thread Damien Miller

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, 28 Sep 1999, William H. Geiger III wrote:

> In v04210101b41578834ee3@[204.167.100.139], on 09/27/99
> at 03:41 PM, Robert Hettinga [EMAIL PROTECTED] said:
>
> > Probably IBM will first want to see how attractive the technology is to
> > punters. At least the approach of using an ancillary encryption chip
> > should keep IBM safe from the nightmare Intel faced when it attempted to
> > railroad CPU ID numbers on users.
>
> No Code == No Trust!
>
> This has all the security/trust problems that Intel's RNG does and more. I
> wouldn't touch this thing with a ten foot pole.

I don't see what this paranoia gains you. 

If you do not trust the crypto processor then you should throw the 
whole machine out - there are *so* many other ways that IBM could have
compromised the system. 

This is doubly interesting given your choice of operating system
(as mentioned in your .sig).

Regards,
Damien Miller

- --
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.ilogic.com.au/~dmiller
| Email: [EMAIL PROTECTED] (home) -or- [EMAIL PROTECTED] (work)



-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE38r9IormJ9RG1dI8RAlKbAJ0ZfyuIjjyJ8MYfD0K5r/c/ieHtQwCggqcf
Iu2q9DmK5cLmtKSUWceJras=
=Ok+o
-END PGP SIGNATURE-