Eric Hughes says:
From: "Ian Farquhar" <ianf@sydney.sgi.com>
re: personal account tripwire
The problem is that although you can protect the data file of hashes (by using a pass phrase to encrypt it), protecting the binary which does the checking is rather more difficult.
Why not recompile the binary? All it needs to be is something like md5.c.
Read Ken Thompson's Turing Award lecture for why that isn't sufficient. It's quite amusing. Let's face it -- if you are truly paranoid, you have to carry your machine around with you at all times and chain it to you. It's all a question of threat model. For national security type attacks nothing less than "chain machine to wrist" will do. For stopping a casual attack, much less is needed. It's all in the threat model...

Perry
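The scheme under discussion, as an added Python example that is not from any poster in the thread: a hash manifest of personal files whose integrity depends on a pass phrase. It assumes SHA-256 and a PBKDF2-keyed HMAC over the manifest in place of the MD5 and encryption mentioned above, and all function names are hypothetical.

```python
import hashlib
import hmac
import json
import os

ITERATIONS = 200_000  # PBKDF2 work factor (assumed value)

def derive_key(passphrase, salt):
    """Stretch the pass phrase into a MAC key."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS)

def file_digest(path):
    """SHA-256 of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def manifest_tag(key, hashes):
    """HMAC over a canonical encoding of the path -> digest table."""
    body = json.dumps(hashes, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def build_manifest(paths, passphrase):
    """Record a digest per file and seal the table with the pass phrase."""
    salt = os.urandom(16)
    hashes = {p: file_digest(p) for p in paths}
    tag = manifest_tag(derive_key(passphrase, salt), hashes)
    return {"salt": salt.hex(), "hashes": hashes, "tag": tag}

def check_manifest(manifest, passphrase):
    """Return the sorted list of changed or missing paths.

    Raises ValueError if the manifest itself was altered (or the pass
    phrase is wrong), so rewriting a stored hash does not hide a change.
    This does nothing about the harder problem raised in the thread:
    the checker, and the interpreter running it, must still be trusted.
    """
    key = derive_key(passphrase, bytes.fromhex(manifest["salt"]))
    if not hmac.compare_digest(manifest_tag(key, manifest["hashes"]), manifest["tag"]):
        raise ValueError("manifest altered or wrong pass phrase")
    changed = [p for p, old in manifest["hashes"].items()
               if not os.path.isfile(p) or file_digest(p) != old]
    return sorted(changed)
```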