On Sunday, 2000-12-24 at 02:59:23 +1100, Peter Eckersley wrote: > I threw together a detailed design proposal for a simpler system; it's > sitting at
> http://www.cs.mu.oz.au/~pde/antiparanoia/design.txt > I've started implementing a few bits and pieces of it, but I'd > appreciate comments and constructive criticism before I do too much. First of all, please reverse the role of client and server. The client (i.e. the one who requests something) should be the box that has the checksums. Otherwise just removing a crontab entry would be enough to defeat the whole mechanism. The "client" (verifier) requests the "server" (verified) to present it's checksums, mtime, permissions, etc. You need a way to detect a substitution, e.g. somebody replaced your verification code with his own. This one answers with pre-computed checksums. So you have to salt the checksum calculations with a session key (random value should suffice) to make the variable. This also means that the verifier has to compute the expected checksums afresh for each run. And, please do not make this too Debain-specific. If you do it right, the whole thing can be used for all platforms that support TCP/IP. I doubt you can take advantage of the existing Debian infrastructure unless you permit precomputed checksums. (Free)Veracity does this, and it is it's major technical weakness IMO. Ah, yes, and I'd prefer the thing to be in Perl ;-) You could use one of several data freezers in Perl, like Storable, Data::Dumper, etc. Provide more than one checksumming algorithm to avoid getting caught by later detected weaknesses in MD5. If this is done right, Debian could provide a server (inverting the client/server relationship I proposed) that provides the (dynamic) checksums for all files in the distribution. (This would probably require massive CPU power, alas.) HTH, Lupe Christoph -- | [EMAIL PROTECTED] | http://free.prohosting.com/~lupe | | The equal opportunity democracy - every vote has an equal chance | | of being counted. Though a bad one if you live in Florida. | | Those people told us how to run a democracy ?!? |
