Date: Tue, 11 Jul 2006 13:52:13 -0700 (PDT)
From: "R. B. Riddick" <arne_woerner@yahoo.com>
To: Chuck Swiger <cswiger@mac.com>, Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc: freebsd-security@freebsd.org
Subject: Re: Integrity checking NANOBSD images
Message-ID: <20060711205213.16994.qmail@web30313.mail.mud.yahoo.com>
In-Reply-To: <44B408E7.8070000@mac.com>

--- Chuck Swiger <cswiger@mac.com> wrote:
> That suggestion is a very good point, although trying to find a single
> trojaned image which matches several checksum methods is supposed to be a
> highly difficult task.
>

If the hash function is cryptographically secure, even a single such hash
function/method should be enough...

Although there is this birthday paradox (or whatever it is called in English):
IIRC it is about 23 people in a room, and astonishingly the probability that 2
of them have the same birthday is greater than or equal to 0.5 under certain
simplifying assumptions (e.g. that there are so many people from which the
sample can be taken (I mean: a world with only 23 people, who have pairwise
different birthdays, would be unsuitable for that probabilistic experiment))...

But your multi-hash-method idea still has the problem that the trojan could
just send the expected hash values after some delay...

-Arne