FW: PGP source code
Paul Leyland
pleyland at microsoft.com
Tue, 4 Sep 2001 07:27:49 -0700
Our mail gateway bounced this the first time 8-(
Paul
-----Original Message-----
From: Paul Leyland=20
Sent: 03 September 2001 17:06
To: 'ukcrypto@chiark.greenend.org.uk'
Subject: RE: PGP source code
> > Or can we trust the X86 microcode (he says risking revealing a
> > considerable depth of ignorance about what the microcode=20
> is, does, or
> > could be perverted to do)?
> Damned if I know - my depth of ignorance here matches yours. I know of
> no reasonable way to audit microcode, but I suppose you could try
> running stuff in parallel on AMD and Intel processors, in the hope you
> will spot any differences in behaviour.
Nope, you can't. Running on different AMD and Intel processors doesn't
help either.
In principle the microcode could leak keys into memory elsewhere for
later access under very specific circumstances.
I a previous life I installed a backdoor for myself in a microcoded
instruction set. To the best of my knowledge, it was never discovered
nor used outside a strictly isolated test environment. The
architecture in question has been dead for 15 years or thereabouts, so I
no longer feel constrained from mentioning it.
Paul