> You could sign the language pairs with your public key when uploading,
> have the public key in the app, let the app download both language pair
> and signature and check the signature.
>

That doesn't make much sense to me. In your schema the attacker would also
be able to sign his malicious code, as the key would be public for everyone.



> (Or you could download language pairs using https and pretend that the
> CA system is safe and that no one who's not authorised can upload bad
> pairs.)
>

Yes, that's why I've said that Benedikt's idea would serve for the official
app, but not for Mitzuli. Mitzuli does not download language pairs over
https, and doing so is not an option for the moment. That's why I was
planning to implement the whole signing mechanism into Mitzuli, and I
suggested that we could reuse that code in the official app.



> But the MITM issue is unrelated to the issue of storing on SD, isn't it?
>

More or less. The underlying threat is the same in both cases (an attacker
modifies our bytecode). The only thing that changes is how he would achieve
that: in one case he would replace it in the filesystem whereas in the
other case he would modify it as it is being downloaded. Signing language
pairs would solve both of them.



> (That is, the MITM vulnerability is there regardless of whether you only
> support Android 4.4 or if you implement Benedikt's hash trick.)
>

It is there in Mitzuli, but not in the official app. So there is certainly
no need to worry about it here!
------------------------------------------------------------------------------
_______________________________________________
Apertium-stuff mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/apertium-stuff
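
The signing scheme discussed in this thread, as an added example (not code from Mitzuli or the official Apertium app): the package is signed with a private key that stays with the maintainer, and the app embeds only the matching public key, which can check a signature but cannot produce one. The check is the same whether the file was changed on the SD card or during download. Class and method names are hypothetical, both key pairs are generated in place, and the package bytes are a constructed stand-in for a language pair.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

public class LanguagePairCheck {
    // App side: accept the package only if sig verifies under the embedded public key.
    static boolean verify(byte[] pkg, byte[] sig, PublicKey embedded) throws GeneralSecurityException {
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(embedded);
        v.update(pkg);
        try {
            return v.verify(sig);
        } catch (SignatureException e) {
            return false; // malformed or wrong-length signature: treat as invalid
        }
    }

    // Maintainer side: needs the private key; initSign() does not accept a PublicKey.
    static byte[] sign(byte[] pkg, PrivateKey key) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(pkg);
        return s.sign();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair maintainer = gen.generateKeyPair(); // private half never ships in the app
        KeyPair other = gen.generateKeyPair();      // any key pair that is not the maintainer's

        byte[] pkg = "constructed stand-in for a language pair jar".getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign(pkg, maintainer.getPrivate());
        PublicKey embedded = maintainer.getPublic(); // the only key material inside the app

        // Case 1: package and signature exactly as uploaded.
        System.out.println("genuine package:        " + verify(pkg, sig, embedded));

        // Case 2: one bit changed on storage or in transit, original signature kept.
        byte[] modified = pkg.clone();
        modified[0] ^= 1;
        System.out.println("modified, old sig:      " + verify(modified, sig, embedded));

        // Case 3: modified package re-signed with a key other than the maintainer's.
        byte[] resigned = sign(modified, other.getPrivate());
        System.out.println("modified, foreign sig:  " + verify(modified, resigned, embedded));
    }
}
```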
