[4096] in cryptography@c2.net mail archive
Re: Cryptoprocessors and reverse engineering
daemon@ATHENA.MIT.EDU (John Gilmore)
Fri Jan 29 11:36:42 1999
To: Markus Kuhn <Markus.Kuhn@cl.cam.ac.uk>, decius@bleeding.edge.net
Cc: cryptography@c2.net, gnu@toad.com
In-reply-to: <E1042Co-0002eK-00@heaton.cl.cam.ac.uk>
Date: Thu, 28 Jan 1999 20:01:50 -0800
From: John Gilmore <gnu@toad.com>

decius@bleeding.edge.net wrote on 1999-01-22 20:41 UTC:
> > One potential problem with such a system is that it allows
> > software vendors to include malicious code in their products with little
> > or no chance of being caught.

Markus Kuhn said in response:
> I don't think this is a severe additional threat. Decompiling software
> is a rather difficult and not widely practiced art. Practically no
> reverse-engineering of large binary applications (such as Internet
> Explorer) is going on at the moment, it would just be orders of
> magnitude too tedious. So we do not lose too much compared to today.

I would disagree, but I funded a decompilation of the Adobe PostScript
interpreter from the original LaserWriter ROMs, eventually producing a
specification for the encoded Type 1 fonts. This effort only took
a month or two of a skilled programmer's time.

The eventual result was that Adobe released the specs for these fonts
(a year or two later). This permitted more than two or three huge
font companies (licensed by Adobe) to produce fonts in this format for
use with PostScript printers. It also permitted a variety of software
to *use* these fonts, e.g. for display on computer screens. And in a
way, it contributed to making Type 1 a usable commercial standard for
fonts, since not only could you get good commercial fonts in that
format, but after it became non-proprietary it was much more
acceptable to base your product on it. (Releasing it is something
Adobe would probably never have done on their own, despite the fact
that it probably helped them.)

Someone else did something similar to recover the "trade secret" RC2
and RC4 algorithms after RSA cut a deal with the government to favor
their export. I keep hoping someone will do this for "RealAudio",
which has managed to claw its way to being sort-of-a-standard without
ever releasing specs.

My guess is that the hard part in many of these jobs is finding the
algorithm in all the unrelated code. You don't need to
reverse-engineer the entire program, just the interface that you care
about.

The opportunity to reverse-engineer in order to get past a deliberate
software monopoly lock-up is critical. Remove this from computer
architectures at your peril.

John