
Ken Thompson: Reflections on Trusting Trust (1984) - pietro
http://cm.bell-labs.com/who/ken/trust.html
======
nailer
If anyone is wondering why this has come up again, this was referenced by the
US government during their proposed hack on Xcode and the iOS SDK.

Leaked NSA discussion 'Strawhorse: Attacking the MacOS and iOS Software
Development Kit': [https://freesnowden.is/2015/03/10/strawhorse-attacking-the-m...](https://freesnowden.is/2015/03/10/strawhorse-attacking-the-macos-and-ios-software-development-kit/)

Article: [https://firstlook.org/theintercept/2015/03/10/ispy-cia-campa...](https://firstlook.org/theintercept/2015/03/10/ispy-cia-campaign-steal-apples-secrets/)

------
na85
>I could have picked on any program-handling program such as an assembler, a
loader, or even hardware microcode.

Prescient.

If I was a 3-letter surveillance agency with an unlimited budget, lots of
gifted engineers, and significant legal leverage over the two largest players
of the PC processor market via such instruments as National Security Letters,
x86 microcode is exactly where I would hide backdoors.

------
raving-richard
(This comment originally posted:
[https://news.ycombinator.com/item?id=8023247](https://news.ycombinator.com/item?id=8023247)
)

Please have a look at David A. Wheeler’s page on Trusting trust [1], including
his 2009 PhD dissertation [2], where he clearly demonstrates that it is
possible to have trusted (not in the MS sense...) computers (I think).

You may also be interested in 'Countering "Trusting Trust"' on Schneier's
website [3], which discusses a 2006 paper, also by Wheeler.

[1] [http://www.dwheeler.com/trusting-trust/](http://www.dwheeler.com/trusting-trust/)

[2] [http://www.dwheeler.com/trusting-trust/dissertation/html/whe...](http://www.dwheeler.com/trusting-trust/dissertation/html/whe..).

[3] [https://www.schneier.com/blog/archives/2006/01/countering_tr...](https://www.schneier.com/blog/archives/2006/01/countering_tr..).

~~~
jimhefferon
Your second and third links come out dead for me, ending in ... .

~~~
Robadob
It appears he's copied them verbatim, including the ellipsis. The broken links
(from the original post) are supposed to be:

[2] [http://www.dwheeler.com/trusting-trust/dissertation/html/whe...](http://www.dwheeler.com/trusting-trust/dissertation/html/wheeler-trusting-trust-ddc.html)

[3] [https://www.schneier.com/blog/archives/2006/01/countering_tr...](https://www.schneier.com/blog/archives/2006/01/countering_trus.html)

------
zby
It is a classic - but also quite old - there are some new techniques for
countering this:
[https://www.schneier.com/blog/archives/2006/01/countering_tr...](https://www.schneier.com/blog/archives/2006/01/countering_trus.html)

~~~
magoon
Thanks for this - yet reading through the comments, I wouldn't place much
stock in the technique.

------
willvarfar
Everyone feel safe using a compiler written by a twisted mind like that?

(Ask someone who uses Go today, for example ;)

