[Cryptech Tech] design software

Randy Bush randy at psg.com
Wed Jan 20 00:14:07 UTC 2016


>> For security critical things (everything from HSM's to barbie dolls
>> nowadays), we want a small core-team of developers and a large
>> audience (something in the order of magnitude of at least 100) of
>> people who can audit it.
> 
> You need to distinguish though between "can audit" and "will audit".
> If you want to create the presumption of auditability then by all
> means use some sort of open format.  However, if existing practice is
> anything to go by, no-one will ever audit the code.

this tragedy is played out again and again

> it'll never get audited unless you pay a third party to do it

and we can barely afford to get the puppy out the door as it is.  we are
managing to get serious rng tests run by outside parties, more news in a
bit.  and someone volunteered to qa the rng verilog, but has yet to come
through (and after i sent them my novena!).  clue on how to increase
audit desperately solicited.  the ewd quote "Testing shows the presence,
not the absence of bugs," comes to mind.

> It just doesn't seem like a good idea to constrain the developers into
> using inferior tools in order to accommodate an event that will almost
> certainly never happen.

actually, my read of philipp's message was a bit different.

"Philipp Gühring" <pg at futureware.at> wrote:
> So my suggestion for Open Hardware projects is to have the designers
> try to use KiCad or other OpenSource design software, if possible.
> And if that isn't possible due to limitations in the tools or the
> designers being unwilling to use different software, try to find a way
> to convert the design files to opensource-useable fileformats. (If you
> need help with that, I might be able to help)

i took that as
  if kicad does not have what we need to get the puppy out the door
     the engineers should use what they need to get it out
     but try hard to see that there is a reader for the design format
     and, if we can, convert to kicad or whatever later

and he even hinted that he might have path(s) to the last item.

but then i am a bit of an optimist.

randy
