From: an169306@anon.penet.fi
To: cypherpunks@toad.com
Message Hash: 8dae2c4b5d21c2b661470e4d1e9dbb57d423dadf7e3c28547006a4b23d2d4c7b
Message ID: <9412220711.AA21268@anon.penet.fi>
Reply To: N/A
UTC Datetime: 1994-12-22 07:47:49 UTC
Raw Date: Wed, 21 Dec 94 23:47:49 PST
Subject: Making sure a program gets to the receiver intact
MIME-Version: 1.0
Content-Type: text/plain
How can I ensure a program, once put on FTP sites, stays untampered with? I have done the following, but I still find holes:

1: PGP signed each file with a separate .sig file.
2: Made an MD5 list, using 2-3 separate programs (making sure they agree), PGP signing the list, and asking friends to sign the list, leaving separate .sigs in the directory.
3: Encrypting a copy of the MD5 list with a passphrase (if all keys are fragged, then in front of trusted witnesses, I can decrypt the key and show them that the MD5 list is authentic.)
4: PKZIPping it using my AV key. (Yes, I am aware that this is a joke, but since I am a registered user, why not use it?) (Side note: if one uses PKZIP, please register it. I have seen so many unregistered copies of this that it makes my eyes water.)

The holes:

1: Someone hacking the keyservers, substituting a key for all the people who signed, and modifying the archive to show that.
2: Someone breaking into my apt, sticking a keyboard monitor on, getting my passphrase and key.

Most of this is theoretical, as it is hard to hack _all_ keyservers to nuke my PGP key, then hack AOL, CompuServe, and other FTP sites to modify the binary, but I would like to make _sure_ this program gets into users' hands without getting modified. (Not for paranoia reasons, but just to see how well one can make a package resistant to tampering.)

Pardon the anonymous ID, as my reputation with my REAL user id is not so great. (No, I am not Lance, but not that much better off due to tons of dumb mistakes with my regular ID on this list.)
-------------------------------------------------------------------------
To find out more about the anon service, send mail to help@anon.penet.fi.
Due to the double-blind, any mail replies to this message will be anonymized,
and an anonymous id will be allocated automatically. You have been warned.
Please report any problems, inappropriate use etc. to admin@anon.penet.fi.
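The hash-list step from the post, as an added example that is not part of the original message: a small Python manifest builder and verifier (function names and the sample files are assumed/constructed). It uses SHA-256 rather than MD5, since MD5 collisions are practical today, and it does not replace signing the manifest, which is what binds the list to its author.

```python
# Added example (not from the original post): build and verify a digest
# manifest for a directory of distributed files. The manifest itself must
# still be signed; an unsigned list can simply be regenerated by whoever
# modifies the files.
import hashlib
import os
import tempfile


def file_digest(path, algo="sha256"):
    """Stream a file through the chosen hash and return its hex digest."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(directory, algo="sha256"):
    """Return manifest text: one '<hex>  <relative path>' line per file."""
    lines = []
    for root, _, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, directory)
            lines.append(f"{file_digest(path, algo)}  {rel}")
    return "\n".join(sorted(lines)) + "\n"


def verify_manifest(directory, manifest_text, algo="sha256"):
    """Return {path: 'modified' | 'missing'}; an empty dict means intact."""
    problems = {}
    for line in manifest_text.splitlines():
        if not line.strip():
            continue
        expected, rel = line.split("  ", 1)
        path = os.path.join(directory, rel)
        if not os.path.isfile(path):
            problems[rel] = "missing"
        elif file_digest(path, algo) != expected:
            problems[rel] = "modified"
    return problems


def demo():
    """Constructed sample: two files, then one is tampered with."""
    d = tempfile.mkdtemp()
    with open(os.path.join(d, "prog.exe"), "wb") as f:
        f.write(b"MZ original program bytes")
    with open(os.path.join(d, "README"), "wb") as f:
        f.write(b"usage notes\n")
    manifest = build_manifest(d)
    before = verify_manifest(d, manifest)
    with open(os.path.join(d, "prog.exe"), "ab") as f:
        f.write(b"\x90")  # constructed tampering: one appended byte
    return before, verify_manifest(d, manifest)
```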