From owner-freebsd-security@FreeBSD.ORG  Tue Jul 11 20:22:25 2006
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
X-Original-To: freebsd-security@freebsd.org
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 61EBD16A4DE
	for <freebsd-security@freebsd.org>;
	Tue, 11 Jul 2006 20:22:25 +0000 (UTC)
	(envelope-from phk@phk.freebsd.dk)
Received: from phk.freebsd.dk (phk.freebsd.dk [130.225.244.222])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0468743D5A
	for <freebsd-security@freebsd.org>;
	Tue, 11 Jul 2006 20:22:24 +0000 (GMT)
	(envelope-from phk@phk.freebsd.dk)
Received: from critter.freebsd.dk (critter.freebsd.dk [192.168.48.2])
	by phk.freebsd.dk (Postfix) with ESMTP id 9623F1703F;
	Tue, 11 Jul 2006 20:22:23 +0000 (UTC)
To: Mike Tancsa <mike@sentex.net>
From: "Poul-Henning Kamp" <phk@phk.freebsd.dk>
In-Reply-To: Your message of "Tue, 11 Jul 2006 16:18:19 -0400."
	<6.2.3.4.0.20060711161049.04bd37a0@64.7.153.2> 
Date: Tue, 11 Jul 2006 20:22:23 +0000
Message-ID: <77192.1152649343@critter.freebsd.dk>
Cc: freebsd-security@freebsd.org
Subject: Re: Integrity checking NANOBSD images 
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Jul 2006 20:22:25 -0000

In message <6.2.3.4.0.20060711161049.04bd37a0@64.7.153.2>, Mike Tancsa writes:

>With respect to prepending a random salt to the image, can you expand 
>what you mean ?

If you just run sha256 on the disk image, and the attacker
finds out, he will just run sha256 himself and record the result.

Arming a trojan to just do 'sleep 145 ; echo "sha256 = 0248482..."'
when you thing you're running sha256 would be trivia.

If you take a random hexstring of 16 digits and prepend to the
disk-image, then the output of the sha256 is not constant
and in order to simulate it, he has to have access to the disk
image to feed into sha256

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.