From: "Pat Farrell" <pfarrell@netcom.com>
Date: Wed, 28 Dec 94 06:53:38 PST
To: cypherpunks@toad.com
Subject: Re: Why I have a 512 bit PGP key
Message-ID: <35603.pfarrell@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


  eric@remailer.net (Eric Hughes)  writes:

>> Read Ken Thompson's Turing Award lecture for why that isn't
>> sufficient. Its quite amusing.
>
> I'm quite familiar with the work.  [For those who aren't, it's about
> compilers that compile in self-perpetuating bugs from their own source
> code.]
>
> Get the essay that Perry mentioned and start there.  Keep in mind that
> object code can be interpreted in many different ways, only one of
> them typically expected.

I strongly agree with both Perry that it is amusing and with Eric
that everyone should read it.

But I see it as more germane than Eric. It is not about
arbitrary self perpetuating bugs from source. It is
about serious security holes that are self perpetuatated
by the binaries of the complier. The compiler ignores
its own source and generates security hacked binaries,
even when the source looks like it is corrected.

One strongly held belief among lots on this list and in the PGP
advocacy world is that the availability of source
guarentees security. Thompson's lecture throroughly dispells
that hope, crushing the "guarentee" completely.

Drawing from Thompson, a simple MD5 is not sufficient.
Youd have to have multiple compilers, perferably on different
cpu architectures, build the tool from source, and compare the
results. Then, and only then, could you claim that you were
secure.

Of course, this is far too much work to be practical.

And this approach is impracticale without need to invent a conspiracy
between the compiler developers.

Pat

p.s. HappyNewYear!

Pat Farrell      Grad Student                 pfarrell@cs.gmu.edu
Department of Computer Science    George Mason University, Fairfax, VA
Public key availble via finger          #include <standard.disclaimer>