Hardware trojans messing with chip production

Quote:

shouldn't reason dictate to assume the NSA does what is possible as long as it has not been proven that it has not?

No. Reason dictates that you consider possibilities as possible, not certain. And yes, the revelations of the past few months show us that the NSA has been up to all sorts of things - but they also show that they aren't particularly good at keeping such things quiet.

[Skybird]

Quote:

Originally Posted by AndyJWest

No. Reason dictates that you consider possibilities as possible, not certain. And yes, the revelations of the past few months show us that the NSA has been up to all sorts of things - but they also show that they aren't particularly good at keeping such things quiet.

A long record speak against the suspect'S reputation, and so I see probability for him to play foul once again as much higher than just 50%, where as you ignorte the record and insist on a probability assessment of 50:50 : completely unknown, or random. I disagree, and I refuse to ignore what we already know about the suspect already.

Things like what Der Spiegel summarises, that you manipulate the entropy levels in certain randomization functions of the chip, are no difficult implementation, still would be extremely difficult for the end user to recognise as long as he does no9t run long, systematic test sessions with randomised function and umber generation and analysing the probability distribution. For the technical potential of somebody like the NSA, a degrading from 64 to 32 bit only already would tremendously simplify the task to break any randomised security code used by OS routines by using brute processor force to burn through. That is the ideal entry opportunity for an actor like the NSA: it's potent, but unsuspicious, and difficult to unveil.

It also is just the logcal next step, even the logically enforced next step. First there were soft trojans and virusses, rootkits and the like. Next operating systems get corrupted. Infiltrating the hardware during the production, is the next step.

And is it really that new? Some time ago there was a debate about Chinese computer tech and especially chips being used in practically every American hightech weapon system, ever cruise missiles, every platform electronics.

I already back then, two years ago it was or so, said I find it insane that one builds one owns weapons by using c hips and electronics produced by one's most pressing rival and possible future war enemy. At the same time the Americans import construction materials even like simple bricks and concrete parts when they build a new embassy in some foreign "friendly" nation like over here, for fears of getting bugged components if buying them from regional sub contractors. And at the same time they even hack friendly governments internal communication networks.

Trust me. Chip producers ARE under pressure by the NSA to build in backdoors into their hardware. I take that as 99% certain. It's technically possible, it is a benefit for the NSA, they can do it and demand it, the Patriot Act still is in effects well, and "national security" is a magic spell that immediately ends all discussion and all resistance - and so hardcoding backdoors in chips for sure gets done.

Quote:

Trust me.

No. Why should I? By your logic, I have to assume that the NSA are getting up to every dirty trick that is possible. Which includes the obvious dirty trick of planting false claims that microchip security has been breached. Or even planting people on forums to spread stories that microchip security has been breached, come to that.

Whether the story is true or not should actually make no difference to most people anyway - if you are that worried about security, don't use a computer for anything you don't want others to know about. That was good advice before this story came out, and it is good advice now. Worrying about dopant-level tampering on microchips while using an operating system you can't be sure hasn't been tampered with anyway is rather pointless.