[cryptography] Reply to Zooko (in Markdown)

James A. Donald jamesd at echeque.com
Sat Aug 17 17:10:42 EDT 2013


On 2013-08-17 4:04 PM, Jon Callas wrote:
> The problems run even deeper than the raw practicality. Twenty-nine years ago this month, in the August 1984 issue of "Communications of the ACM" (Vol. 27, No. 8) Ken Thompson's famous Turing Award lecture, "Reflections on Trusting Trust" was published. You can find a facsimile of the magazine article at <https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf> and a text-searchable copy on Thompson's own site, <http://cm.bell-labs.com/who/ken/trust.html>.

An attack such as that described by Ken Thompson is extremely brittle, 
narrowly targeted, and subject to rapid bitrot.  It would only be used 
to target universally used and infrequently changing code - operating 
system code.  Therefore, irrelevant for applications.


further, the attack is defeated, and potentially detected, by cross 
compilation, which happens all the time during operating system development.


More information about the cryptography mailing list