In message <[EMAIL PROTECTED]>, Mike Tancsa writes: >With respect to prepending a random salt to the image, can you expand >what you mean ?
If you just run sha256 on the disk image, and the attacker finds out, he will just run sha256 himself and record the result. Arming a trojan to just do 'sleep 145 ; echo "sha256 = 0248482..."' when you thing you're running sha256 would be trivia. If you take a random hexstring of 16 digits and prepend to the disk-image, then the output of the sha256 is not constant and in order to simulate it, he has to have access to the disk image to feed into sha256 -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 [EMAIL PROTECTED] | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[EMAIL PROTECTED]"
