[Cryptech Tech] design software
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Mon Jan 18 09:50:39 UTC 2016
I think it's a case of finding a Pareto-optimal balance between auditability
and ease of use/practicality, which means you need to step back and look at
how either would be accomplished.
tl;dr: The Verilog is unlikely to ever be audited on a non-professional level
so restricting yourself to OSS tools doesn't matter, and the devs should use
the best, most effective tools for the job, regardless of whether they're OSS
or commercial.
Longer version: In terms of auditing, the vast majority of security code never
gets audited. Serious security bugs can persist in plain view in widely-used
crypto code (e.g. PGP's xorbytes and GPG's xorbytes-memorial bugs) for a
decade or more without anyone noticing.
Let's assume though that something really exceptional occurs and someone does
decide to audit it. I have no idea why, maybe cosmic rays or something, or
because terrorism. In any case unlike (say) GPG, you can't have someone who
knows Python and has had some exposure to Perl and maybe took a class in C at
some point sit down and read through the code, you need someone with pretty
extensive experience in Verilog to do that, which probably means someone who
works with it professionally or semi-professionally. Which in turn means they
probably have access to whatever (commercial) tools they need to do the job.
In terms of working with the tools, that one's pretty clear, use the best,
most effective tools for the job. If the developers are hampered in their
ability to produce a good design, or get turned away from having to work with
poor tools, then auditability becomes irrelevant.
I would have given up on cryptlib years ago if I had to build it with vi and
gdb. My only real reason for staying with Windows as my desktop OS is that
it's the substrate I use for running Visual Studio. It's all closed-source
and commercial, but it's what I want to use because it's the best tool for the
job.
And that's the deciding factor in this case: What do the devs want to use?
What's the most effective tool for getting the job done?
Peter.
More information about the Tech
mailing list