[langsec-discuss] Revisiting "Trusting Trust" for binary toolchains [30c3]

Sven Kieske svenkieske at gmail.com
Fri Jan 3 19:17:09 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I sadly didn't have the time to attend to 30c3
in person, but I watched the video here:
http://www.youtube.com/watch?v=QogdeTy7cDc

I just have a small addition regarding the
"magic wand" mentioned in the beginning.

To be more precise, the authors refer to
Ken Thompsons famous "trusting trust"[1]
and imply that this problem never was solved.

Well, to my understanding this was solved indeed
by David A. Wheelers, also famous, dissertation
"Fully Countering Trusting Trust through Diverse
Double-Compiling"[2]

I know that this does not prove anything wrong
which was shown later in the talk and I find the
findings really interesting, but I wanted
to share this information with you, just in case
you maybe missed Wheelers paper.

I hope I did understand the talk correctly and
that my findings are correct, if not, I accuse
my poor English skills ;-)

kind regards

Sven Kieske

[1] http://cm.bell-labs.com/who/ken/trust.html
[2]
http://www.dwheeler.com/trusting-trust/dissertation/html/wheeler-trusting-trust-ddc.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQGcBAEBAgAGBQJSxwy1AAoJEAq0kGAWDrqldakL/1hrkEPVjgVgkDCEJTrjKoSz
LFWAqvTovnk1DBig36fwYbhuUABS2eP/s8+OmqViNXCTB7dsyOkiFFc/HJ8RC2C2
/8EbPXvZdFBePgXijVTf5nPcVdfL+d0A/SiIHHL4/skbUIXKgO572ayYqM4cCHtc
1GDoXSp9Fo5tYNk5ScRRKscp0efIc10Ac2rtthE6SR4VXOW8fEI9IsUjGw6hYpho
oqTqZJVvgVgINjrAvcWO38dWEapBeI5p3W8EVOaC46ZgG2tUqSXUkDzIdAn0349D
ND2o2qog01GQrdkQlkezaLuTDbbQpk6Y5a7fZej809ydGlh+3mehzZMPm5MBjyTr
bJcKS92GtfhR0Z0e236daNZoBiG5vCZGGK2bYlzFZJI7Ct1kqGFibLmRDn4qFO+b
y1M8+Er8OHL9ABU2NJnlVygRQP6SjXkBBpleaF0FSRddL6bZ1HDdQhi+yp0VHsLi
BlcWxgb4JSaUoylvQxSYMvaQ2UdCU4meBeGtKKhovQ==
=Kv8K
-----END PGP SIGNATURE-----


More information about the langsec-discuss mailing list