Re: Integrity checking NANOBSD images
- From: "Poul-Henning Kamp" <phk@xxxxxxxxxxxxxx>
- Date: Tue, 11 Jul 2006 20:22:23 +0000
In message <6.2.3.4.0.20060711161049.04bd37a0@xxxxxxxxxx>, Mike Tancsa writes:
With respect to prepending a random salt to the image, can you expand
what you mean ?
If you just run sha256 on the disk image, and the attacker
finds out, he will just run sha256 himself and record the result.
Arming a trojan to just do 'sleep 145 ; echo "sha256 = 0248482..."'
when you thing you're running sha256 would be trivia.
If you take a random hexstring of 16 digits and prepend to the
disk-image, then the output of the sha256 is not constant
and in order to simulate it, he has to have access to the disk
image to feed into sha256
--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk@xxxxxxxxxxx | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"
- Follow-Ups:
- Re: Integrity checking NANOBSD images
- From: R. B. Riddick
- Re: Integrity checking NANOBSD images
- References:
- Re: Integrity checking NANOBSD images
- From: Mike Tancsa
- Re: Integrity checking NANOBSD images
- Prev by Date: Re: Integrity checking NANOBSD images
- Next by Date: Re: Integrity checking NANOBSD images
- Previous by thread: Re: Integrity checking NANOBSD images
- Next by thread: Re: Integrity checking NANOBSD images
- Index(es):
