Re: [Bitcoin-development] Safe auto-updating

2013-08-07 Thread Mike Hearn
As you're Mac specific you could just use a modified Sparkle or something like that. Even if you want to use a stock Sparkle, I have some code that does threshold RSA. My intention was to use it for the Android wallet but I never found the time. I can send you a copy if you want. But it's easier an

Re: [Bitcoin-development] Safe auto-updating

2013-08-07 Thread Wendell
That multisignature/blockchain commitment idea seems really solid, Peter. Thanks very much indeed everyone, this is all very helpful. Much to research and think about. Interestingly, a thread is presently raging on liberationtech about Tor Browser Bundle, and the subject of automatic updates ha

Re: [Bitcoin-development] Safe auto-updating

2013-08-05 Thread Peter Todd
Gregory Maxwell had some good ideas along these lines at the San Jose conference. Extending gitian with these kinds of features would be a good approach. But I think it's worth thinking about attack models. A huge danger with auto-updating is that

Re: [Bitcoin-development] Safe auto-updating

2013-08-05 Thread Jim
One approach you could use would be to use bitcoin signing on a list of the build artifacts together with their SHA256 hashes. If you have a look at the MultiBit release notes you get the overall idea: https://multibit.org/releases/multibit-0.5.13/release.txt Currently these aren't machine read

Re: [Bitcoin-development] Safe auto-updating

2013-08-05 Thread Alan Reiner
Indeed. You can hardcode a "distributor" public key in the software, and client software will only trust signed data from that key. Of course, the private key for that data is not kept on the server distributing the signed checksums. Ideally it would be kept offline, and the couple-times-per-yea

Re: [Bitcoin-development] Safe auto-updating

2013-08-05 Thread Daniel F
If you want package authentication, you should at least throw in some digital signing, not just a checksum. With a compromised host, both the checksum and binaries can be changed undetectably, but if there's a signature made by a key that is not kept on the host, there's no way to fake a valid bina