PGP source code

Owen Lewis oml at eloka.demon.co.uk
Tue, 4 Sep 2001 11:34:53 +0100


> -----Original Message-----
> From: ukcrypto-admin@chiark.greenend.org.uk
> [mailto:ukcrypto-admin@chiark.greenend.org.uk]On Behalf Of
> lists@notatla.demon.co.uk
> Sent: 03 September 2001 20:03
> To: ukcrypto@chiark.greenend.org.uk
> Subject: RE: PGP source code
>
>
> From: "Owen Lewis" <oml@eloka.demon.co.uk>
>
> > So the logic of this dictates that Uncle Sam (etc) lean on INTEL, AMD etc to
> > make certain amendments to the microcode that will cause serious weakening
> > of ciphertexts created using their processors? Said weakness only being
> > exploitable *if* you know what the effect of the microcode amendment is?
> >
> > Sounds like a plan to me. I wonder if he's thought of it? Probably. Which is
> > not the same thing as saying that he's done it. Anyone with knowledge of
> > microcode care to speculate on an approach to how this might be done or why
> > it can't be done?
>
>
> My guess is that other features than crypto would be the target here.
>
> I wrote on another list 2 years ago:
>
> > Pure speculation, but what if copying a certain 256-bit string caused the
> > program counter to pick up execution after that string? Then practically
> > every program would have an exploitable buffer overflow detectable and
> > usable only by those with the secret key.
> >
> > Combine that with disabling protected memory in the processor and all
> > those overflows are remote root exploits, perhaps triggered by a single
> > ICMP packet.
>
> Assuming that Intel can be coerced, and that a leak proving the backdoor can
> be avoided with high confidence, there's no reason I can see why it can't be
> done.

Neither, prima facie, can I. It's a target with very desirable qualities,
representing what some call a 'choke point'. Indeed, it seems an ideal choke
point. To attain substantial mastery over a universe of information, one
needs to have compliant (I'd guess) no more than a couple of dozen people at
any one time, possibly rather fewer. As two companies of a single nation have
an essential duopoly of processor design for the general market, it also
makes possible the selection of staff to fill so few appointments rather
than risking approaches to the subornation of company staff who
are not placemen.

I'd guess that the temptation should have been quite irresistible. After
all, it's not more than the arm that UKG keeps on PSTN suppliers and others,
is it?

Owen