[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Login Tripwire Protocols

To: andrew fabbro <[email protected]>, Ken Williams <[email protected]>
Subject: Re: Login Tripwire Protocols
From: David Honig <[email protected]>
Date: Fri, 06 Mar 1998 09:38:52 -0800
Cc: [email protected]
In-Reply-To: <Pine.LNX.3.95.980305203357.899A-100000@brokenarrow.us.itd.umich.edu>
References: <Pine.SOL.3.96.980305125302.21425A-100000@c00069-100lez.eos.ncsu.edu>
Sender: [email protected]

At 08:38 PM 3/5/98 -0500, andrew fabbro wrote:
>Can you build a reliable login tripwire on a machine where you don't
>have root access and root is likely a malicious character?  The answer
>is...maybe!  It requires a fairly sophisticated protocol and a lot of
>work...here are three of my ideas that didn't pan out, one that probably
>would, and a lot of caveats.  I'd appreciate comments, criticism,
>etc. from other 'punks.

Look up Ross Anderson et al's paper, Programming Satan's Computer, in
which a similarly omnipotent and malicious programming environment is 
discussed.


------------------------------------------------------------
      David Honig                   Orbit Technology
     [email protected]                  Intaanetto Jigyoubu

"But if we have to use force, 
it is because we are America;
we are the indispensable nation."
---Secretary of State Madeleine K. Albright
http://www.jya.com/see-far.htm

References:
- No Subject
  - From: Ken Williams <[email protected]>
- Login Tripwire Protocols
  - From: andrew fabbro <[email protected]>

Prev by Date: BXA 97 Report on Encryption
Next by Date: UPS to market DIGITAL SIGNATURE AUTHENTICATED DIGITAL DOCUMENT DELIVERY, $5 < $x < $10
Prev by thread: Login Tripwire Protocols
Next by thread: Re: tripwires when you're not superuser.
Index(es):
- Date
- Thread