Eric wrote: | From: "Ian Farquhar" <ianf@sydney.sgi.com> | | re: personal account tripwire | | The problem is that although you can protect the data file of | hashes (by using a pass phrase to encrypt it), protecting the | binary which does the checking is rather more difficult. | | Why not recompile the binary? All it needs to be is something like | md5.c. Or leave the binary on a floppy (assuming you can access floppies, or some other removable media.) The problem reduces pretty quickly to a variant of trusting trust. root can hack the kernel, the math libraries, your shell, or several other points to make life difficult. Can you go through a set of steps so convoluted as to catch this? Probably. But in all likelyhood, its easier to get a personal machine on which to store private files. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume