From owner-freebsd-security@FreeBSD.ORG Tue Jul 11 20:34:16 2006 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 248A516A4DA for ; Tue, 11 Jul 2006 20:34:16 +0000 (UTC) (envelope-from ru@ip.net.ua) Received: from cielago.ip.net.ua (cielago.ip.net.ua [82.193.96.15]) by mx1.FreeBSD.org (Postfix) with ESMTP id 40D4B43D73 for ; Tue, 11 Jul 2006 20:34:14 +0000 (GMT) (envelope-from ru@ip.net.ua) Received: from heffalump.ip.net.ua (heffalump.ip.net.ua [82.193.96.213]) by cielago.ip.net.ua (8.13.6/8.13.6) with ESMTP id k6BKWwlZ053848 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 11 Jul 2006 23:32:59 +0300 (EEST) (envelope-from ru@ip.net.ua) Received: (from ru@localhost) by heffalump.ip.net.ua (8.13.6/8.13.6) id k6BKYIVs092160; Tue, 11 Jul 2006 23:34:18 +0300 (EEST) (envelope-from ru) Date: Tue, 11 Jul 2006 23:34:18 +0300 From: Ruslan Ermilov To: Mike Tancsa Message-ID: <20060711203417.GJ56190@ip.net.ua> References: <44B4010E.7010809@mac.com> <77121.1152648353@critter.freebsd.dk> <6.2.3.4.0.20060711161049.04bd37a0@64.7.153.2> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="IbA9xpzOQlG26JSn" Content-Disposition: inline In-Reply-To: <6.2.3.4.0.20060711161049.04bd37a0@64.7.153.2> User-Agent: Mutt/1.5.11 X-Virus-Scanned: by amavisd-new Cc: freebsd-security@freebsd.org, Poul-Henning Kamp Subject: Re: Integrity checking NANOBSD images X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Jul 2006 20:34:16 -0000 --IbA9xpzOQlG26JSn Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Jul 11, 2006 at 04:18:19PM -0400, Mike Tancsa wrote: > At 04:05 PM 11/07/2006, Poul-Henning Kamp wrote: > >In message <44B4010E.7010809@mac.com>, Chuck Swiger writes: > > > >>Checksumming the device image is a fine way of checking the=20 > >integrity of it, > >>assuming it is read-only. The only thing you might want to do is=20 > >use two or > >>three checksum algorithms (ie, use sha256 and md5 and something=20 > >else), so that > >>someone can't create a new image which matches the sha256 checksum of t= he > >>original. > > > >A much better idea is to send a random "salt" to be prepended to > >the disk image before it is run through sha256, that would prevent > >the attacker from running sha256 and any other algorithm you > >could care for on the image, store the results and return them > >with trojans. > > > >Copying the sha256 binary over is no guarantee against a kernel > >embedded trojan. > > > >But then again, how paranoid one has to be is a matter of preference. >=20 >=20 > Hi, > Thanks for the responses. I know there are no perfect ways.=20 > I guess I want to understand the risk as much as possible and=20 > mitigate against tampering as much as possible without designing the=20 > requirement for some guy to sit in front of the box with a gun :) >=20 > With respect to prepending a random salt to the image, can you expand=20 > what you mean ? >=20 It means that every time you want to checksum it, you send some random bits to be prepended to the image, then compute the checksum(s). You then do the same (with the same salt) on a trusted host and compare the results. Cheers, --=20 Ruslan Ermilov ru@FreeBSD.org FreeBSD committer --IbA9xpzOQlG26JSn Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (FreeBSD) iD8DBQFEtAtJqRfpzJluFF4RAjDQAJ9gguSZD27JPnOvhi8ZQyeIq6Q86ACfU94t OqEG6ZnP18iNNAX/8u7PbTo= =RERb -----END PGP SIGNATURE----- --IbA9xpzOQlG26JSn--