Re: Integrity checking NANOBSD images

On Tue, Jul 11, 2006 at 04:18:19PM -0400, Mike Tancsa wrote:
At 04:05 PM 11/07/2006, Poul-Henning Kamp wrote:
In message <44B4010E.7010809@xxxxxxx>, Chuck Swiger writes:

Checksumming the device image is a fine way of checking the
integrity of it,
assuming it is read-only. The only thing you might want to do is
use two or
three checksum algorithms (ie, use sha256 and md5 and something
else), so that
someone can't create a new image which matches the sha256 checksum of the
original.

A much better idea is to send a random "salt" to be prepended to
the disk image before it is run through sha256, that would prevent
the attacker from running sha256 and any other algorithm you
could care for on the image, store the results and return them
with trojans.

Copying the sha256 binary over is no guarantee against a kernel
embedded trojan.

But then again, how paranoid one has to be is a matter of preference.


Hi,
Thanks for the responses. I know there are no perfect ways.
I guess I want to understand the risk as much as possible and
mitigate against tampering as much as possible without designing the
requirement for some guy to sit in front of the box with a gun :)

With respect to prepending a random salt to the image, can you expand
what you mean ?

It means that every time you want to checksum it, you send some
random bits to be prepended to the image, then compute the
checksum(s). You then do the same (with the same salt) on a
trusted host and compare the results.


Cheers,
--
Ruslan Ermilov
ru@xxxxxxxxxxx
FreeBSD committer

Attachment: pgpFU9ONPnD2O.pgp
Description: PGP signature