Integrity checking NANOBSD images

R. B. Riddick arne_woerner at yahoo.com
Tue Jul 11 20:52:50 UTC 2006


--- Chuck Swiger <cswiger at mac.com> wrote:
> That suggestion is a very good point, although trying to find a single 
> trojaned image which matches several checksum methods is supposed to be a 
> highly difficult task.
> 
If the hash function is cryptographically secure, even a single such hash
function/method should be enough... Although there is this birthday paradoxon
(or what it is called in english): IIRC it is about 23 people in a room and
astonishingly the probability that 2 of them have the same birthday is more or
equal to 0.5 under certain simplifying assumptions (e. g. that there are so
many people from which the sample can be taken (I mean: A world with only 23
people, which have pairwise different birthdays would be unsuitable for that
probabilistic experiment))...

But your multi-hash-method idea has still the problem, that the trojan could
just send the expected hash values after some delay...

-Arne


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


More information about the freebsd-security mailing list