Challenge to TCPA/Palladium detractors
R. Hirschfeld
ray at unipay.nl
Sat Aug 10 07:33:30 PDT 2002
> Date: Fri, 9 Aug 2002 19:30:09 -0700
> From: AARG!Anonymous <remailer at aarg.net>
> Re the debate over whether compilers reliably produce identical object
> (executable) files:
>
> The measurement and hashing in TCPA/Palladium will probably not be done
> on the file itself, but on the executable content that is loaded into
> memory. For Palladium it is just the part of the program called the
> "trusted agent". So file headers with dates, compiler version numbers,
> etc., will not be part of the data which is hashed.
>
> The only thing that would really break the hash would be changes to the
> compiler code generator that cause it to create different executable
> output for the same input. This might happen between versions, but
> probably most widely used compilers are relatively stable in that
> respect these days. Specifying the compiler version and build flags
> should provide good reliability for having the executable content hash
> the same way for everyone.
A trivial observation: this cannot be true across hardware platforms.
TCPA claims to be "platform and OS agnostic", but Palladium does not.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cypherpunks-legacy
mailing list