Re: Crypto software that *is* exportable from the USA
Bear Giles <bear@coyotesong.com> wrote:
> The problem isn't in *producing* a package, it's in *acquiring* that
> package later. What happens if someone successfully attacks a site
> immediately before you mirror it?
What happens if someone replaces a PGP signature?
Answer: people notice.
[Consider an advanced attack, launched from a "router" which changes
certain packets "in-flight" so that some files, when downloaded,
are different from what's on the server, for some range of client ip
addresses. I don't know if script kiddies have a toy that does this yet,
but it'll happen eventually.]
> MD5 checksums aren't adequate, since the attacker can forge new ones.
> Cryptographically signed checksums don't help, since the software (at
> time of export) can't include the software to verify them. Downloading
> PGP from the ZA site won't help because you can't verify *its* checksum.
If you can trust the Debian packages, you can trust an md5sum contained
in one of those packages.
Perhaps a distributed auditing system (like what was used for the RSA
challenge, but instead periodically downloading files and verifying
md5sums) would be a good thing -- to set off alarms after a site has
been cracked. [If no alarms go off for some period of time after you've
downloaded a fresh copy of the system, you can be reasonably confident
that you got a good copy and that the signatures you have are probably
the correct ones.]
Perhaps useful would be independent "signature clearinghouses" which let
you check md5sums without talking to the site you got your packages from.
[The more paranoid might want to check against a large number of sites,
and might want an auditing system to be in place as well.]
> > Bootstrapping is hard -- best you can do for the general case is compare
> > notes after you've gotten a secure system up.
>
> And that, it seems, is exactly the "problem" that this program seeks
> to "fix."
Obviously it can't fix the problem for the past.
However, it might help in the future...
[Perhaps more important: security oriented technology can only be a
part of a secure system.]
--
Raul
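The two mechanisms sketched in the message above, checking a downloaded file against several independent "signature clearinghouses" and periodically re-downloading files to raise an alarm when a site's checksums change, as an added example that is not part of the original post or of any project named in it. Everything it operates on is constructed sample data: the package bytes, the clearinghouse names and the checksums they "publish" are invented for the example. Two caveats a practitioner would add today: MD5 is no longer collision-resistant, so the same check should be run with sha256 (the `algo` parameter) wherever the sources publish it; and if the checksum lists travel the same path as the package, the in-flight "router" attacker described above can rewrite both, so the sources need to be reached by an independent route or their lists need to be signed.

```python
"""Cross-check a downloaded package against several independent checksum
sources, and audit a site by re-downloading and comparing against a recorded
baseline.  Added example, not code from the original post.  All names,
bytes and checksums below are constructed sample data."""
import hashlib

# Constructed sample data: the archive as fetched from the mirror, and a copy
# altered in transit by a single byte (the "router" attack in the post).
PACKAGE = b"pgp-2.6.3i.tar.gz: sample archive bytes for this example\n"
TAMPERED = PACKAGE[:-1] + b"\x00"


def digest(data: bytes, algo: str = "md5") -> str:
    """Hex digest of data, as md5sum(1) or sha256sum(1) would print it."""
    return hashlib.new(algo, data).hexdigest()


# Constructed "clearinghouses": sites that publish the package's md5sum
# without being the site the package was downloaded from.
HONEST_SOURCES = {
    "clearinghouse.example": digest(PACKAGE),
    "mirror-audit.example": digest(PACKAGE),
    "debian-package-md5sums": digest(PACKAGE),
}
# The same set plus one source that now serves the altered file's checksum,
# as a cracked site (or a rewritten in-flight reply) would.
MIXED_SOURCES = {**HONEST_SOURCES, "cracked-site.example": digest(TAMPERED)}


def cross_check(data: bytes, published: dict, algo: str = "md5", quorum: int = 2):
    """Compare the local digest with what each independent source publishes.

    Returns (verdict, agreeing_sources, disagreeing_sources):
      'alarm'        at least one source disagrees; something was altered
                     somewhere and the file must not be trusted yet;
      'insufficient' nobody disagrees, but fewer than `quorum` independent
                     sources vouch for the file;
      'ok'           `quorum` or more sources agree and none disagree.
    Any disagreement is an alarm rather than a majority vote: the question
    is not which copy wins but whether every independent view matches."""
    local = digest(data, algo)
    agree = sorted(s for s, d in published.items() if d.lower() == local)
    disagree = sorted(s for s, d in published.items() if d.lower() != local)
    if disagree:
        return "alarm", agree, disagree
    if len(agree) < quorum:
        return "insufficient", agree, disagree
    return "ok", agree, disagree


def audit(baseline: dict, refetched: dict, algo: str = "md5") -> list:
    """Periodic auditor from the post: `baseline` maps file name to the digest
    recorded when the file was first downloaded, `refetched` maps file name
    to the bytes obtained by downloading it again now.  Returns the names
    whose digest changed; a non-empty result is the alarm that says the site
    (or the path to it) has been tampered with since the baseline."""
    return sorted(name for name, data in refetched.items()
                  if digest(data, algo) != baseline[name].lower())


if __name__ == "__main__":
    for label, data, sources in (
        ("clean file, honest sources", PACKAGE, HONEST_SOURCES),
        ("altered file, honest sources", TAMPERED, HONEST_SOURCES),
        ("clean file, one cracked source", PACKAGE, MIXED_SOURCES),
    ):
        verdict, agree, disagree = cross_check(data, sources)
        print(f"{label}: {verdict}; disagreeing: {disagree or 'none'}")
    baseline = {"pgp-2.6.3i.tar.gz": digest(PACKAGE)}
    print("audit after tampering:", audit(baseline, {"pgp-2.6.3i.tar.gz": TAMPERED}))
```

The auditor only detects changes after the baseline was taken, which is the point the post makes in brackets: a clean audit history over some period after your own download raises confidence in that download, while a mismatch on any single source is worth investigating even when the other sources agree.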