On Fri, 13 Aug 2004, Morlock Elloi wrote:
> > A cool thing for this purpose could be a patch for gcc to produce unique code every time, perhaps using some of the polymorphic methods used by viruses.
> The purpose would be that they do not figure out that you are using some security program, so they don't suspect that noise in the file or look for stego, right?
In better case, this. In worse case, to force the adversary to face an unknown, unexpected situation they aren't trained to handle.
> The last time I checked the total number of PDA programs ever offered to the public in some way was around 10,000 (5,000? 100,000? Same thing.) That can be trivially checked for. Any custom-compiled executable will stand out as a sore thumb.
Until a Gentoo-like Linux distro for PDAs appears. Then custom-compiled code becomes quite common in that segment of consumers. Another possible way for wrecking the set of file signatures "in the wild" could be releasing a product (which then would have to become popular, so it has to be useful) to do a function modifying the executables - may be a code packer (flash space is still at a premium in the PDAs), may be a realtime patcher (for e.g. protecting against some generic code exploits), in extreme cases may be an otherwise benign trojan or worm.
> You will suffer considerably less bodily damage inducing you to spit the passphrase than to produce the source and the compiler.
Yes, but the same applies to your colleague. Would you like it to be easy for your colleague to betray you?
> Just use the fucking PGP. It's good for your genitals.
Unless the adversary beats the passphrase from your colleague and then comes for you. Don't be so selfish. :)