
Re: Why I have a 512 bit PGP key



   From: Jeff Barber <[email protected]>

   > ???  An upload can be automated, just like any other solution.

   Then the automated part (script or whatever) simply becomes another piece
   that needs to be protected.

There need be no part of the script/etc. that relies upon persistent
information on the target machine.  You can simulate the whole thing
as typing, if need be.

   You've merely added the compiler and its
   associated utilities to your regression list.  

It occurs to me that there's no need even to use the compiler, if
you're willing to upload binary images directly.  

And if you want to use the compiler, the effort involved in making a
recognizer for an ever mutating source is not trivial.  Variable names
can change, parse trees can change, control structures can change.

   Nothing is gained --
   other than additional irritation and delay.

Additional cost of subversion is _exactly_ the issue here.  We're not
talking about perfect security; that's impossible in this case, and
has been acknowledged as impossible.  What is at issue is making it
difficult for a not-completely-dedicated-to-your-destruction sysadmin
to subvert personal files.

Furthermore, the pragmatics of a personal tripwire are that it only
needs to indicate failure once.  As soon as I found out that my files
weren't safe in their place of residence, I'd leave.  The practical
question should not be one of fighting a running battle with a hostile
root; root always wins, period.  A useful outcome of this discussion
would be a feasible way of detecting the first modification.  Almost
always this will not be a full-scale effort.

Eric
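
One shape the personal tripwire discussed in this message could take, as an added example that is not part of the original message or thread. The function names, the keyed (HMAC-SHA256) digest, and the assumptions that the key is typed in at each run and the baseline is kept off the machine are all choices made for this illustration.

```python
import hashlib
import hmac
import os
import tempfile


def manifest(root, key):
    """Map each file's path relative to root to HMAC-SHA256(key, contents)."""
    out = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            mac = hmac.new(key, digestmod=hashlib.sha256)
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    mac.update(chunk)
            out[os.path.relpath(path, root)] = mac.hexdigest()
    return out


def differences(baseline, current):
    """Return sorted (path, status) pairs for every file that no longer matches."""
    report = []
    for path in sorted(set(baseline) | set(current)):
        if path not in current:
            report.append((path, "removed"))
        elif path not in baseline:
            report.append((path, "added"))
        elif not hmac.compare_digest(baseline[path], current[path]):
            report.append((path, "modified"))
    return report


def demo():
    """Constructed sample: build a tree, record a baseline, alter it, re-check."""
    key = b"constructed-demo-key"  # assumption: typed in per run, never stored
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        write("secring.pgp", b"constructed key material")
        write("notes.txt", b"constructed note")
        baseline = manifest(root, key)  # assumption: kept off the machine
        write("secring.pgp", b"constructed key material, altered")
        os.remove(os.path.join(root, "notes.txt"))
        write("extra.txt", b"constructed new file")
        return differences(baseline, manifest(root, key))
```

Any non-empty result from `differences` is the single failure indication the message asks for.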