[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Cryptography] GHCQ Penetration of Belgacom



On Sat, Dec 20, 2014 at 12:31 PM, hbaker1 <[email protected]> wrote:
>>From: [email protected]
>>
>> | I think it would be very hard to find a backdoor suggested by
>> | Norm Hardy.  Modify the CPU to detect when two specific floating
>> | point numbers are multiplied.  When they are, execute the next
>> | instruction in privileged mode.
>>
>>It's my second-hand understanding that it would take perhaps 3,000
>>gates to implement intentional sensitivity to a pre-designed kill
>>packet.  The addition of 3,000 gates to any current chipset will
>>never be found in current hardware, e.g., the iPhone 6 has two
>>billion transistors on the system chip.
>>
>>Others more knowledgeable welcome to correct my understanding.
>
> So Intel&Apple have provided PRC with netlists for their processor
> chips?
>
> Of course, PRC shouldn't believe them, unless they could also
> manufacture their own chips from the netlists.

It doesn't matter what a chipmaker provides and claims as truth today.
Anyone, spy or not, anywhere in the chain from design to fab could
insert anything, there are probably not enough internal control and
validation programs in place to find it. And if something untrustworthy
is sucessfully implanted or simply produced TOP SECRET approved,
who on the outside is going to find it? No one publicly open, external, and
disinterested is sampling these chips off the shelves and decapping them,
or exhausting all possible input data against expected output, or has eyes
in the fabs. Until the world has truly open fabs, you might as well assume
it's game over.

Similarly, we can't even get rid of default firmware passwords, baseband, bad
crypto, closed source, vPro, and all the other examples of potentially
backdoorish
things possibly against the user... including NSA style spying and corporate
datamining tagged with your name.
Can you apply enough pressure to get rid of closed fabs, and the elements
within governments and corporations that think up, perform and produce this
kind of stuff?