Re: Integrity checking NANOBSD images

Board: FB_security, posted 2006/07/12 04:57
--- Chuck Swiger <cswiger@mac.com> wrote:

> That suggestion is a very good point, although trying to find a single
> trojaned image which matches several checksum methods is supposed to be a
> highly difficult task.
>

If the hash function is cryptographically secure, even a single such hash function/method should be enough...

Although there is this birthday paradoxon (or what it is called in English): IIRC it is about 23 people in a room and astonishingly the probability that 2 of them have the same birthday is more than or equal to 0.5 under certain simplifying assumptions (e.g. that there are so many people from which the sample can be taken (I mean: a world with only 23 people, who have pairwise different birthdays, would be unsuitable for that probabilistic experiment))...

But your multi-hash-method idea still has the problem that the trojan could just send the expected hash values after some delay...

-Arne

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
Article code (AID): #14j12T00 (FB_security)
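The birthday bound mentioned in the message above, worked through as an added example that is not part of the original post: it computes the 23-person threshold and then contrasts a birthday search for any colliding pair with the search for a second input matching one fixed, published image, which is the problem someone forging a checksummed image faces. The 16-bit truncated hash and the `image-`/`trojan-` input names are constructed for the demonstration.

```python
import hashlib
from itertools import count

def birthday_probability(k, n):
    """Probability that k uniform samples from n values contain a repeat."""
    p_distinct = 1.0
    for i in range(k):
        p_distinct *= (n - i) / n
    return 1.0 - p_distinct

def birthday_threshold(n, target=0.5):
    """Smallest k whose collision probability reaches `target`."""
    p_distinct = 1.0
    for k in count(1):
        p_distinct *= (n - (k - 1)) / n
        if 1.0 - p_distinct >= target:
            return k

def toy_hash(data, bits=16):
    """SHA-256 truncated to `bits` bits (constructed toy, deliberately weak)."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)

def find_collision(bits=16):
    """Birthday search: any two distinct inputs with the same toy hash."""
    seen = {}
    for i in count():
        msg = b"image-%d" % i          # constructed sample inputs
        h = toy_hash(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg

def find_second_preimage(target, bits=16):
    """A different input matching the hash of one fixed, published image."""
    want = toy_hash(target, bits)
    for i in count():
        msg = b"trojan-%d" % i         # constructed sample inputs
        if msg != target and toy_hash(msg, bits) == want:
            return msg, i + 1

if __name__ == "__main__":
    print("people needed for p >= 0.5:", birthday_threshold(365))
    a, b, tries = find_collision()
    print("collision after", tries, "hashes:", a, b)
    m, tries = find_second_preimage(b"official-nanobsd-image")
    print("second preimage after", tries, "hashes:", m)
```

For a b-bit hash the collision search is expected to take on the order of 2^(b/2) hashes and the second-preimage search on the order of 2^b, so the second count printed is typically far larger than the first.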