PREVIEW: bsign embeds hash and/or digital signature in ELF files
Stainless Steel Rat
ratinox at peorth.gweep.net
Tue Dec 15 12:19:41 CET 1998
-----BEGIN PGP SIGNED MESSAGE-----
"OL" == Oscar Levi <elf at buici.com> writes:
OL> There is no expectation that bsign will work for generic text files.
OL> I have amother idea for them.
Thus two different mechanisms where one would suffice, IMO.
OL> This is true of any algorithm. If the tripwire database were writable
OL> on the harddrive, it would be vulnerable the same way.
The critical difference is that the Tripwire database (or a signature
thereof) can be made physically read-only, whereas embedded signatures
OL> Mr. Rat,
No honorific; just "Rat" is fine.
OL> I think I understand your point of view on this. I have received
OL> similar comments from several people. Given that bsign will never sign
OL> any file type, no one has been able to explain why they are so upset.
I am not upset; I just have a strong opinion.
System security is only as strong as the weakest link in the chain, and
from where I sit, bsign might have weaknesses that have not been thoroughly
OL> Tripwire is more complex than bsign and, therefore, has more failure
The one does not necessarilly follow from the other. A well-designed
complex system can be more fault-tolerant than a poorly-designed simple
OL> It adds a step to normal SA, updating the database on it's
OL> read-only medium, that I feel is undesirable and unnecessary.
I feel that it is an absolute requirement to ensure system security. As I
said, anything that could possibly be tampered with cannot be trusted.
I guess I'm just not-paranoid (because "they" really are out to get me, or
at least my systems) in a different way than you are.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v0.4.5 (GNU/Linux)
Comment: For info finger gcrypt at ftp.guug.de
-----END PGP SIGNATURE-----
Rat <ratinox at peorth.gweep.net> \ Warning: pregnant women, the elderly, and
PGP Key: at a key server near you! \ children under 10 should avoid prolonged
GPG Key: same as my PGP 5 (DH) key \ exposure to Happy Fun Ball.
More information about the Gnupg-devel