From: frantz@netcom.com (Bill Frantz)
Date: Mon, 26 Feb 1996 13:25:50 +0800
To: cypherpunks@toad.com
Subject: Re: Encryption Chips
Message-ID: <199602260231.SAA00902@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:52 AM 2/25/96 -0800, Timothy C. May wrote:
>At 4:47 PM 2/25/96, "A. Padgett Peterson P.E. Information Security"
>
>>The nice thing about am implimentation in software is that the code can be
>>examined for just this sort of thing *on a randomly selected operating unit*.
>>- hard to do with a chip.
>
>But of course one's compiler may have been subverted, as Ken Thompson
>showed some years back. Software implementations are sensitive to different
>sorts of attacks than hardware implementations are.

These things do not need to be verified at the source level.  One could
verify the output of the compiler and then publish a secure hash of it. 
(What an tedious job.)  There is infinite regress in these things, but I
would tend to trust a program which verified the secure hash of the crypto
system if that program was written after I received the release of the
compiler I am compiling it with.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA