From: “Ian Farquhar” <ianf@sydney.sgi.com>
To: cypherpunks@toad.com
Message Hash: 17169d45d3afd69ae252f6c1af99b4ee69ad23ecc76b2d69ba3cdfe24c7ae0dc
Message ID: <9412281357.ZM11227@wiley.sydney.sgi.com>
Reply To: <199412280240.SAA02061@largo.remailer.net>
UTC Datetime: 1994-12-28 03:08:10 UTC
Raw Date: Tue, 27 Dec 94 19:08:10 PST
From: "Ian Farquhar" <ianf@sydney.sgi.com>
Date: Tue, 27 Dec 94 19:08:10 PST
To: cypherpunks@toad.com
Subject: Re: Why I have a 512 bit PGP key
In-Reply-To: <199412280240.SAA02061@largo.remailer.net>
Message-ID: <9412281357.ZM11227@wiley.sydney.sgi.com>
MIME-Version: 1.0
Content-Type: text/plain
On Dec 27, 6:40pm, Eric Hughes wrote:
> The problem is that although you can protect the data file of
> hashes (by using a pass phrase to encrypt it), protecting the
> binary which does the checking is rather more difficult.
>
> Why not recompile the binary? All it needs to be is something like
> md5.c.
I take it you mean recompile the binary every time? Because you'd
need to have source around to recompile it from, and the attacker
could modify that source even more easily than he or she could hack
the binary. The idea is to make tampering with the binary detectable.
Ultimately, the aim is to make it too difficult to break and thus cause
most people to give up. I am pretty much certain that to make such
a system perfectly secure under these conditions is impossible. What I
am aiming for, I suppose, is to make sure that there are no trivial attacks
which could compromise security. If you've got a system admin who is
willing and capable of hacking exec in the kernel, then it's time to
move systems. :)
Ian.
Return to December 1994
Return to “Thomas Grant Edwards <tedwards@src.umd.edu>”