From: David Honig <honig@otc.net>
Date: Fri, 6 Mar 1998 09:48:28 -0800 (PST)
To: andrew fabbro <jkwilli2@unity.ncsu.edu>
Subject: Re: Login Tripwire Protocols
In-Reply-To: <Pine.SOL.3.96.980305125302.21425A-100000@c00069-100lez.eos.ncsu.edu>
Message-ID: <3.0.5.32.19980306093852.007b3200@otc.net>
MIME-Version: 1.0
Content-Type: text/plain


At 08:38 PM 3/5/98 -0500, andrew fabbro wrote:
>Can you build a reliable login tripwire on a machine where you don't
>have root access and root is likely a malicious character?  The answer
>is...maybe!  It requires a fairly sophisticated protocol and a lot of
>work...here are three of my ideas that didn't pan out, one that probably
>would, and a lot of caveats.  I'd appreciate comments, criticism,
>etc. from other 'punks.

Look up Ross Anderson et al's paper, Programming Satan's Computer, in
which a similarly omnipotent and malicious programming environment is 
discussed.


------------------------------------------------------------
      David Honig                   Orbit Technology
     honig@otc.net                  Intaanetto Jigyoubu

"But if we have to use force, 
it is because we are America;
we are the indispensable nation."
---Secretary of State Madeleine K. Albright
http://www.jya.com/see-far.htm