[cryptography] Reply to Zooko (in Markdown)
James A. Donald
jamesd at echeque.com
Sat Aug 17 17:10:42 EDT 2013
On 2013-08-17 4:04 PM, Jon Callas wrote:
> The problems run even deeper than the raw practicality. Twenty-nine years ago this month, in the August 1984 issue of "Communications of the ACM" (Vol. 27, No. 8) Ken Thompson's famous Turing Award lecture, "Reflections on Trusting Trust" was published. You can find a facsimile of the magazine article at <https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf> and a text-searchable copy on Thompson's own site, <http://cm.bell-labs.com/who/ken/trust.html>.
An attack such as that described by Ken Thompson is extremely brittle,
narrowly targeted, and subject to rapid bitrot. It would only be used
to target universally used and infrequently changing code - operating
system code. Therefore, irrelevant for applications.
further, the attack is defeated, and potentially detected, by cross
compilation, which happens all the time during operating system development.
More information about the cryptography