On Dec 27, 6:40pm, Eric Hughes wrote:
The problem is that although you can protect the data file of hashes (by using a pass phrase to encrypt it), protecting the binary which does the checking is rather more difficult.
Why not recompile the binary? All it needs to be is something like md5.c.
I take it you mean recompile the binary every time? Because you'd need to have source around to recompile it from, and the attacker could modify that source even more easily than he or she could hack the binary. The idea is to make tampering with the binary detectable. Ultimately, the aim is to make it too difficult to break and thus cause most people to give up. I am pretty much certain that to make such a system perfectly secure under these conditions is impossible. What I am aiming for, I suppose, is to make sure that there are no trivial attacks which could compromise security. If you've got a system admin who is willing and capable of hacking exec in the kernel, then it's time to move systems. :) Ian.