Date: Tue, 11 Jul 2006 16:52:11 -0400 From: Mike Tancsa <mike@sentex.net> To: Ruslan Ermilov <ru@freebsd.org> Cc: freebsd-security@freebsd.org, Poul-Henning Kamp <phk@phk.freebsd.dk> Subject: Re: Integrity checking NANOBSD images Message-ID: <6.2.3.4.0.20060711164431.04bd00f8@64.7.153.2> In-Reply-To: <20060711203417.GJ56190@ip.net.ua> References: <44B4010E.7010809@mac.com> <77121.1152648353@critter.freebsd.dk> <6.2.3.4.0.20060711161049.04bd37a0@64.7.153.2> <20060711203417.GJ56190@ip.net.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
At 04:34 PM 11/07/2006, Ruslan Ermilov wrote:
> > >
> > With respect to prepending a random salt to the image, can you expand
> > what you mean ?
> >
>It means that every time you want to checksum it, you send some
>random bits to be prepended to the image, then compute the
>checksum(s). You then do the same (with the same salt) on a
>trusted host and compare the results.
OK, but that implies I have a copy of the image locally. We do on
occasion make modifications to the config in the field, and sending
back a 512MB image over dialup would be difficult for this deployment.
---Mike
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6.2.3.4.0.20060711164431.04bd00f8>