[149149] in cryptography@c2.net mail archive
Re: [Cryptography] cheap sources of entropy
daemon@ATHENA.MIT.EDU (Bill Frantz)
Tue Jan 21 02:40:53 2014
X-Original-To: cryptography@metzdowd.com
Date: Mon, 20 Jan 2014 13:05:00 -0800
From: Bill Frantz <frantz@pwpconsult.com>
To: cryptography@metzdowd.com
In-Reply-To: <9E5255E9-376E-488D-8F6E-626C3080436F@gmail.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
On 1/20/14 at 9:13 AM, crypto.jmk@gmail.com (John Kelsey) wrote:
>The problem is, nobody makes *everything* they use. A
>sufficiently resourceful attacker might attack your device on
>all kinds of levels, and you can't possibly check them all
>yourself. This has even been worked out by people with s lot
>of resources--classified systems apparently use a lot of off
>the shelf components now, for economic reasons. The folks who
>run those systems would love to be paranoid enough to verify
>everything in their system, but they can't--it would cost too much.
Hmm, 12AX7s cost about $15 and burn a bunch of power. How many
do I need to perform useful computation? Using the LGP-30
computer as an example, not very many. In any case, there is
probably a simple enough technology where concerns about back
doors devolve into pure paranoia. Of course this approach
doesn't scale to high performance, so we can't use it. :-)
>I spent some time running through this with e-voting...
Note that paper and human voting systems have been successfully
attacked. My favorite attack occurred in Chicago in the mid-20th
century. Ballot counters from one party glued pencil leads under
their fingernails. When they counted a ballot for the "wrong"
candidate, they marked an X for the correct candidate as well,
thereby invalidating the ballot.
Cheers - Bill
-----------------------------------------------------------------------
Bill Frantz |Security, like correctness, is| Periwinkle
(408)356-8506 |not an add-on feature. - Attr-| 16345
Englewood Ave
www.pwpconsult.com |ibuted to Andrew Tanenbaum | Los Gatos,
CA 95032
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
