1994-07-08 - Re: Request: tamper-proofing executables

Header Data

From: Patrick G. Bridges <patrick@CS.MsState.Edu>
To: cypherpunks@toad.com
Message Hash: 966f2389ae91dbbf5741fee475368820d85d53a7fe0636345f1c1859834001cf
Message ID: <9407082132.AA06109@Walt.CS.MsState.Edu>
Reply To: N/A
UTC Datetime: 1994-07-08 21:32:18 UTC
Raw Date: Fri, 8 Jul 94 14:32:18 PDT

Raw message

From: Patrick G. Bridges <patrick@CS.MsState.Edu>
Date: Fri, 8 Jul 94 14:32:18 PDT
To: cypherpunks@toad.com
Subject: Re: Request: tamper-proofing executables
Message-ID: <9407082132.AA06109@Walt.CS.MsState.Edu>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----


The best I can think of (right now) is embedding digital signatures in
the file.  One way or another, the program is going to have be
decrypted to run (unless you're using NSA`s patented EES4400 2500 MHz
0.1 micron run-encrypted CPU :-) ).  Anyone with a debugger and a
disassembler could then derive a version of the program as it decrypts
and make a hacked up version. At least if a digital signature is in
the program and it verifies _with a program you trust_ (a very
important point), then you know who last signed it. (and who to blame
if it does something wrong or vindictive) 

Doing verification inside the program is just too messy, since a good
cracker could set up your program to always act like verified
correctly even if it was modified. It may be more difficult if the
program is encrypted, but it is still doable...

Since you almost always trust the kernel (you sort of have to on most
machines, since it can f*ck with you in so many ways, by stealing your
PGP passphrase, for example), the kernel loader might be a good place
to do this verification for important programs. (It would slow the
machine down to much to do this for _every_ program, IMHO) If a user
wants to verify his program, make the external verification program be
checked by the kernel...

In the end, you have to trust someone. Just choose very carefully
who you trust.

I guess I sort of got off on a tangent, but, oh well... I guess I need
to go revise (perhaps rewrite) my signature-embedding program,
since "cypherpunks write code." :-)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAgUBLh3FtkoL7Aaetl5pAQF2awP/WANyuh8Ivdyn226/qo2ndzRW30VA5SuO
0x5/CsSHXWYvk1VrFYzBtZtYLcADuqJdwF0dI76+yROJ7S8kKvky5ALoWudh0sSq
IT+0L0ufaL40gklSp2SulqHrNrhfoVNiVb3xImCVCUIW68nsAgwHWyRVCmcjMHJ+
zjS9KhsYo20=
=QPfM
-----END PGP SIGNATURE-----

-- 
*** Patrick G. Bridges  		patrick@CS.MsState.Edu ***
***      PGP 2.6 public key available via finger or server     ***
***             PGP 2.6 Public Key Fingerprint:		       ***
***      D6 09 C7 1F 4C 18 D5 18  7E 02 50 E6 B1 AB A5 2C      ***
***                #include <std/disclaimer.h>		       ***





Thread