Re: Why I have a 512 bit PGP key
> Let's face it, creating the compiler-to-recognize-MD5 is quite a difficult problem, and if I were your system administrator and wanted to obtain access to your files, creating a special compiler version or otherwise attempting to cause your integrity check to fail would be one of the last forms of attack I'd try.
Who says that your attacker is your admin? Is there anybody here who ever checked the source of the gcc compiler? Why not modify the gcc to make it compile specific crypto software (e.g. pgp) wrong, smuggling in any weakness? Everyone checks the pgp signatures after receiving a new version (do you?). Who checks the gcc? Who checks the SunOS-cc? If the government wants to attack software like pgp it would be easier to modify compilers than modifying the crypto sources.
> One of the easiest ways to subvert your security is simply to record your keystrokes. It doesn't take a rocket scientist to hack your kernel (or whatever it's called on your OS) to do this. And how do you detect it?
Why not build keyboards with 4MByte RAM? Let him use any OS he wants to use. Read out the keyboard at night by room-cleaning staff or by any program able to communicate in a network.

Hadmut
On Wed, 28 Dec 1994, Hadmut Danisch wrote:
> If the government wants to attack software like pgp it would be easier to modify compilers than modifying the crypto sources.
A compiler can recognize one specific piece of code or a few specific pieces of code and do something perverse. It cannot recognize functionally equivalent code, this being a high order artificial intelligence problem. Thus if someone used a perverted compiler to develop, debug, and enhance the target code, he would immediately discover the compiler was perverted.

---------------------------------------------------------------------
We have the right to defend ourselves and our property, because of the kind of animals that we are. True law derives from this right, not from the arbitrary power of the omnipotent state.
James A. Donald
jamesd@netcom.com
participants (2): danisch@ira.uka.de, James A. Donald