[kryten]

Any system of significant complexity be it hardware or software cannot be trusted unless it is 100% open source both from the hardware level to the software level and all systems that are used to manufacture it are open source as well and the whole process has open oversight.

Even if you tape out a CPU and ship it to the fab, they could still add stuff before it is packaged.

In conclusion, no you can't trust anything we use today. Even Stallman's open-everything laptop is open to compromise.

Pen, paper, box of dice, OTP or accept these facts.

[antocv]

That is why NSA has their own factory in which they produce their own chips and computers, clean and (electronically) isolated place.

I believe any country worth its salt, such as China/Israel/Russia, has such a capability - to produce their own chips and stack to work with, and they have the capability to compromise/backdoor foreign/target hardware, as well as methods to detect attempted tampering in their own for example military hardware.

It would be too damn funny if a countries communications and/or military hardware suddenly started acting "weird"/against them in case of a war?

[hollerith]

>NSA has their own factory in which they produce their own chips and computers

Citation or evidence?

[DanBC]

(http://www.militaryaerospace.com/articles/print/volume-9/iss...)

[trotsky]

While they do have their own bespoke fab, the description given there is wildly more impressive than I've ever heard it described by people not giving speeches.

For obvious reasons they are always going to need their own fab to some extent, because some applications are just too low volume or would leak way too much project specific information. Wherever the truth lies, I'm sure nothing coming out of there is general purpose computing meant for typical nsa run systems.

It's not too hard to figure out who they're using for mainstream chips and mid size run custom fabs. Look for well established strong us based companies that use us designers that have good analog and small cmos process digital fabs that are located in the US - especially new york, texas and oregon.

[ippisl]

Thanks.

That's from 1998 , when building fabs was cheap. I wonder what manufacturing process their latest factory uses.

[fnordfnordfnord]

Bamford mentions it briefly in one of his books, either The Puzzle Palace or Body of Secrets. They've had chip fab capabilities for some time before the 1990's.

[Torgo]

As of a few years ago the federal government has started a "trusted foundry" project to sign on and create new domestic fabs. I don't know where it's at, but the intention has been stated.

[hollerith]

Thanks.

[sharemywin]

Since most chips come from China how hard would it be for the chinese government to embed back doors in the chips firmware/logic?

[antocv]

Not hard at all, in fact FBI or some other letter-agency found their switches and routers had hardware backdoors in them back in 2009 I believe, it was kind of a big deal back then.

Since then US stepped up their cyber-warfare capabilities by forming a cyber-warfare department within Pentagon and such, probably also increasing the sampling rate and testing methods of their procured devices from foreigners.

[fnordfnordfnord]

It's funny to me that they try to get back-doors baked in to all sorts of hardware and software, but somehow appear to believe that nobody else has done the same.

[trotsky]

I'm not sure which they you mean, but I assure you nobody is under the impression that only some people do it. Core routers and core cellular gear is quickly becoming an industry that every nation state that can is looking to jumpstart their own homegrown industrial suppliers.

The number of global intelligence agencies that believe cisco (or Huawei or Alcatel etc) core routers are free of side channel attacks or dodgy opaque asics can be safely assumed to be 0.

[hhm]

A pen could be compromised with a micro camera as well, if you want to be really paranoid.

[randomchars]

I can do a complete security audit of my pens in less than a minute. I can't do the same with my computer hardware.