Date: Tue, 11 Jul 2006 16:52:11 -0400 From: Mike Tancsa <mike@sentex.net> To: Ruslan Ermilov <ru@freebsd.org> Cc: freebsd-security@freebsd.org, Poul-Henning Kamp <phk@phk.freebsd.dk> Subject: Re: Integrity checking NANOBSD images Message-ID: <6.2.3.4.0.20060711164431.04bd00f8@64.7.153.2> In-Reply-To: <20060711203417.GJ56190@ip.net.ua> References: <44B4010E.7010809@mac.com> <77121.1152648353@critter.freebsd.dk> <6.2.3.4.0.20060711161049.04bd37a0@64.7.153.2> <20060711203417.GJ56190@ip.net.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
At 04:34 PM 11/07/2006, Ruslan Ermilov wrote: > > > > > With respect to prepending a random salt to the image, can you expand > > what you mean ? > > >It means that every time you want to checksum it, you send some >random bits to be prepended to the image, then compute the >checksum(s). You then do the same (with the same salt) on a >trusted host and compare the results. OK, but that implies I have a copy of the image locally. We do on occasion make modifications to the config in the field, and sending back a 512MB image over dialup would be difficult for this deployment. ---Mike
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6.2.3.4.0.20060711164431.04bd00f8>