Ken Thompson: Reflections on Trusting Trust (1984)

If anyone is wondering why this has come up again, this was referenced by the US government during their proposed hack on xcode and the iOS SDK.<p>Leaked NSA discussion &#x27;Strawhorse: Attacking the MacOS and iOS Software Development Kit&#x27;: <a href="https://freesnowden.is/2015/03/10/strawhorse-attacking-the-macos-and-ios-software-development-kit/" rel="nofollow">https:&#x2F;&#x2F;freesnowden.is&#x2F;2015&#x2F;03&#x2F;10&#x2F;strawhorse-attacking-the-m...</a><p>Article: <a href="https://firstlook.org/theintercept/2015/03/10/ispy-cia-campaign-steal-apples-secrets/" rel="nofollow">https:&#x2F;&#x2F;firstlook.org&#x2F;theintercept&#x2F;2015&#x2F;03&#x2F;10&#x2F;ispy-cia-campa...</a>

&gt;I could have picked on any program-handling program such as an assembler, a loader, or even hardware microcode.<p>Prescient.<p>If I was a 3-letter surveillance agency with an unlimited budget, lots of gifted engineers, and significant legal leverage over the two largest players of the PC processor market via such instruments as National Security Letters, x86 microcode is exactly where I would hide backdoors.

(This comment originally posted: <a href="https://news.ycombinator.com/item?id=8023247" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=8023247</a> )<p>Please have a look at David A. Wheeler’s page on Trusting trust [1], including his 2009 PhD dissertation [2], where he clearly demonstrates that it is possible to have trusted (not in the MS sense...) computers (I think).<p>You may also be interested in &#x27;Countering &quot;Trusting Trust&quot;&#x27; on Schneier&#x27;s website [3], which discusses a 2006 paper, also by Wheeler.<p>[1] <a href="http://www.dwheeler.com/trusting-trust/" rel="nofollow">http:&#x2F;&#x2F;www.dwheeler.com&#x2F;trusting-trust&#x2F;</a><p>[2] <a href="http://www.dwheeler.com/trusting-trust/dissertation/html/whe.." rel="nofollow">http:&#x2F;&#x2F;www.dwheeler.com&#x2F;trusting-trust&#x2F;dissertation&#x2F;html&#x2F;whe...</a>.<p>[3] <a href="https://www.schneier.com/blog/archives/2006/01/countering_tr.." rel="nofollow">https:&#x2F;&#x2F;www.schneier.com&#x2F;blog&#x2F;archives&#x2F;2006&#x2F;01&#x2F;countering_tr...</a>.

It is a classic - but also quite old - there are some new techniques for countering this: <a href="https://www.schneier.com/blog/archives/2006/01/countering_trus.html" rel="nofollow">https:&#x2F;&#x2F;www.schneier.com&#x2F;blog&#x2F;archives&#x2F;2006&#x2F;01&#x2F;countering_tr...</a>

Everyone feel safe using a compiler written by a twisted mind like that?<p>(Ask someone who uses Go today, for example ;)