Old PC as Hardware Security Module?
Robert J. Hansen
rjh at sixdemonbag.org
Tue May 15 08:58:53 CEST 2007
I apologize if I sound terse here, but this conversation has (IMO)
jumped the shark.
> But how can we be confident?
Cf. Thompson, K. _Reflections on trusting trust_. Comm. ACM 27, 8
(Aug. 1984), 761-763.
A digital version of it is currently available at http://www.acm.org/
classics/sep95/, but links tend to be ephemeral, so read it while you
Once you've read it, decide whether you can even trust the compiler
you're using to compile GnuPG. Finally, come back here and see
whether that same logic can be used to decide whether to trust GnuPG.
If you're chasing a neverending shadow of "well, someone might attack
the system this way...", you're ultimately left hand-hacking machine
instructions for a low transistor count chip whose design you have
personally validated and lithographed onto a sliver of six-nines pure
silicon you smelted yourself.
That's what lies at the bottom of this rabbit hole.
More information about the Gnupg-users