Re: Why I have a 512 bit PGP key



On Dec 27,  6:40pm, Eric Hughes wrote:
>    The problem is that although you can protect the data file of
>    hashes (by using a pass phrase to encrypt it), protecting the
>    binary which does the checking is rather more difficult.
>
> Why not recompile the binary?  All it needs to be is something like
> md5.c.

I take it you mean recompile the binary every time?  Because you'd
need to have source around to recompile it from, and the attacker
could modify that source even more easily than he or she could hack
the binary.  The idea is to make tampering with the binary detectable.

Ultimately, the aim is to make it too difficult to break and thus cause
most people to give up.  I am pretty much certain that to make such
a system perfectly secure under these conditions is impossible.  What I
am aiming for, I suppose, is to make sure that there are no trivial attacks
which could compromise security.  If you've got a system admin who is
willing and capable of hacking exec in the kernel, then it's time to
move systems. :)

							Ian.
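
The scheme under discussion, as an added example that is not part of the original message: a data file of hashes sealed with a pass phrase. It authenticates the file with an HMAC instead of encrypting it as the quoted text suggests, and uses SHA-256 rather than md5.c. All function names, the pass phrase and the file contents are constructed for illustration.

```python
import hashlib
import hmac
import json
import os
import tempfile

ROUNDS = 200_000  # assumed PBKDF2 work factor, not from the thread

def file_digest(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def _tag(hashes, passphrase, salt):
    # The key is derived from the pass phrase only, so it is never stored on disk.
    key = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ROUNDS)
    body = json.dumps(hashes, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def seal(paths, passphrase):
    salt = os.urandom(16)
    hashes = {p: file_digest(p) for p in paths}
    return {"salt": salt.hex(), "hashes": hashes, "tag": _tag(hashes, passphrase, salt)}

def verify(manifest, passphrase):
    """Return (manifest_authentic, sorted list of files that changed)."""
    salt = bytes.fromhex(manifest["salt"])
    good = hmac.compare_digest(_tag(manifest["hashes"], passphrase, salt), manifest["tag"])
    if not good:
        return False, []
    return True, sorted(p for p, d in manifest["hashes"].items()
                        if not os.path.isfile(p) or file_digest(p) != d)

def demo():
    """Constructed scenario: the stand-in checker binary is patched after sealing."""
    with tempfile.TemporaryDirectory() as d:
        checker = os.path.join(d, "checker")
        with open(checker, "wb") as f:
            f.write(b"original checker build")
        m = seal([checker], "correct horse")
        clean = verify(m, "correct horse")
        with open(checker, "wb") as f:
            f.write(b"patched checker build")
        patched = verify(m, "correct horse")
        # Someone without the pass phrase rewrites the stored hash to match.
        forged = dict(m, hashes={checker: file_digest(checker)})
        return clean, patched, verify(forged, "correct horse"), checker

if __name__ == "__main__":
    print(demo()[:3])
```

The sealed file catches both the patched binary and the rewritten hash entry, but only when `verify` itself runs from a copy that has not been modified, which is the limit the message describes.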