Integrity checking NANOBSD images
Poul-Henning Kamp
phk at phk.freebsd.dk
Tue Jul 11 20:22:25 UTC 2006
In message <6.2.3.4.0.20060711161049.04bd37a0 at 64.7.153.2>, Mike Tancsa writes:
>With respect to prepending a random salt to the image, can you expand
>what you mean ?
If you just run sha256 on the disk image, and the attacker
finds out, he will just run sha256 himself and record the result.
Arming a trojan to just do 'sleep 145 ; echo "sha256 = 0248482..."'
when you thing you're running sha256 would be trivia.
If you take a random hexstring of 16 digits and prepend to the
disk-image, then the output of the sha256 is not constant
and in order to simulate it, he has to have access to the disk
image to feed into sha256
--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
More information about the freebsd-security
mailing list