Old PC as Hardware Security Module?

Robert J. Hansen rjh at sixdemonbag.org
Tue May 15 08:58:53 CEST 2007

I apologize if I sound terse here, but this conversation has (IMO)  
jumped the shark.

> But how can we be confident?

Cf. Thompson, K. _Reflections on trusting trust_.  Comm. ACM 27, 8  
(Aug. 1984), 761-763.

A digital version of it is currently available at http://www.acm.org/ 
classics/sep95/, but links tend to be ephemeral, so read it while you  

Once you've read it, decide whether you can even trust the compiler  
you're using to compile GnuPG.  Finally, come back here and see  
whether that same logic can be used to decide whether to trust GnuPG.

If you're chasing a neverending shadow of "well, someone might attack  
the system this way...", you're ultimately left hand-hacking machine  
instructions for a low transistor count chip whose design you have  
personally validated and lithographed onto a sliver of six-nines pure  
silicon you smelted yourself.

That's what lies at the bottom of this rabbit hole.

More information about the Gnupg-users mailing list