[EMAIL PROTECTED] wrote:
Is there a security/crypto expert out there who knows if there's a
way for a server to hand out a chunk of executable code then, when
the code runs and calls back, it can verify the code is running
unchanged (i.e. no local storage on the client system at all)? I'm
very naïve about security and my gut tells me no.
In general, no.
If you have specific constraints, you may be able to,
but in the general case, your problem is the converse of another problem
I've just been looking at:
can you do serious crypto on a machine without _some_ form of permanent
storage?
Ferguson and Schneier's "Practical Cryptography" says "no",
with reasoning, and I tend to believe them.
D.
