Re: Integrity checking NANOBSD images

Board: FB_security | Posted: 2006/07/12 04:32 | Thread: 5/15
In message <6.2.3.4.0.20060711161049.04bd37a0@64.7.153.2>, Mike Tancsa writes:

>With respect to prepending a random salt to the image, can you expand
>what you mean ?

If you just run sha256 on the disk image, and the attacker finds out,
he will just run sha256 himself and record the result. Arming a trojan
to just do 'sleep 145 ; echo "sha256 = 0248482..."' when you think
you're running sha256 would be trivial.

If you take a random hexstring of 16 digits and prepend to the disk-image,
then the output of the sha256 is not constant and in order to simulate
it, he has to have access to the disk image to feed into sha256.

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
Article ID (AID): #14j0hg00 (FB_security)
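
The salted check described in the message above, written out as a challenge-response script. This is an added example, not part of the original post or of NanoBSD. It assumes the verifier keeps a trusted reference copy of the image to compute the expected answer from, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: SHA-256 over (fresh nonce || disk image).
# Assumption: a trusted reference copy of the image exists off the device.

# Use sha256(1) on FreeBSD, sha256sum elsewhere; print only the hex digest.
hash_stdin() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q
    else
        sha256sum | cut -d' ' -f1
    fi
}

# 16 random hex digits, generated by the verifier for every single check.
new_nonce() {
    od -An -N8 -tx1 /dev/urandom | tr -d ' \n'
}

# Digest of nonce followed by the image; computing it needs the whole image.
salted_hash() {   # usage: salted_hash NONCE IMAGE
    { printf '%s' "$1"; cat "$2"; } | hash_stdin
}

# Verifier side: recompute over the reference copy and compare the answer.
verify_answer() {   # usage: verify_answer NONCE REFERENCE_IMAGE ANSWER
    [ "$(salted_hash "$1" "$2")" = "$3" ]
}

# Demo: ./check.sh DEVICE_IMAGE REFERENCE_IMAGE
if [ "$#" -eq 2 ]; then
    nonce=$(new_nonce)
    answer=$(salted_hash "$nonce" "$1")   # in practice computed on the device
    if verify_answer "$nonce" "$2" "$answer"; then
        echo "image matches reference (nonce $nonce)"
    else
        echo "MISMATCH (nonce $nonce)"
        exit 1
    fi
fi
```

Because the nonce changes on every run, an answer recorded from an earlier check does not verify against the next one.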