On Fri, 13 Aug 2004, Morlock Elloi wrote:

> > A cool thing for this purpose could be a patch for gcc to produce unique
> > code every time, perhaps using some of the polymorphic methods used by
> > viruses.
>
> The purpose would be that they do not figure out that you are using some
> security program, so they don't suspect that noise in the file or look for
> stego, right?

In better case, this. In worse case, to force the adversary to face an unknown, unexpected situation they aren't trained to handle.

> The last time I checked the total number of PDA programs ever offered to public
> in some way was around 10,000 (5,000? 100,000? Same thing.) That can be
> trivially checked for. Any custom-compiled executable will stand out as a sore
> thumb.

Until a Gentoo-like Linux distro for PDAs appears. Then custom-compiled code becomes quite common in that segment of consumers.

Another possible way for wrecking the set of file signatures "in the wild" could be releasing a product (which then would have to become popular, so it has to be useful) to do a function modifying the executables - maybe a code packer (flash space is still a premium in the PDAs), maybe a realtime patcher (for e.g. protecting against some generic code exploits), in extreme cases maybe an otherwise benign trojan or worm.

> You will suffer considerably less bodily damage inducing you to spit the
> passphrase than to produce the source and the compiler.

Yes, but the same applies to your colleague. Would you like it to be easy for your colleague to betray you?

> Just use the fucking PGP. It's good for your genitals.

Unless the adversary beats the passphrase from your colleague and then comes for you. Don't be so selfish. :)
