[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Why I have a 512 bit PGP key



Eric Hughes writes:
> 
>    From: "Ian Farquhar" <[email protected]>
> 
>    > Recompile the binary from newly uploaded source each time.  MD5 source
>    > isn't more than about 10K long.  That's all of a few seconds of upload
>    > time.
> 
>    Irritating [...]
> 
> ???  An upload can be automated, just like anything other solution.

Then the automated part (script or whatever) simply becomes another piece
that needs to be protected.


> You can't go about protecting against the modification of binaries by
> relying upon one of your binaries being better protected than the
> rest.  There's an infinite regress involved here.  The solution is to
> go outside the regress.  Recreating the binary from scratch is one
> way.  I'm sure there are others.

No -- in the absence of other measures, recreating the binary from 
scratch is not such a way.  You've merely added the compiler and its
associated utilities to your regression list.  Nothing is gained --
other than additional irritation and delay.


-- Jeff