[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <03Aug6.090851cest.118293@fd.hif.hu>
From: adam at hif.hu (Szilveszter Adam)
Subject: Call for discussion
Jason Coombs wrote:
> A closed source database application offering known good hashes and forensic
> details of files published by vendors... These people are headed in a positive
> direction, but the closed source part bothers me for some reason.
<...huge snip...>
Of course I was not surprised to see that Tripwire Inc was behind this
intiative. It could really boost use of their technology and give it a
higher profile in general.
But I as I come to think of it, this idea seems less and less feasible
to me. The problems as I see them are:
- You would need to include *huge* number of files for this database to
be a meaningful resource. Just look at how many files are there eg in an
average software package. All of them need to be added to the database,
and when a new version comes out, you have to do it again. How long are
you going to keep the info? Ideally, it should be held close to
infinitely, since no one can tell when a particular version is no longer
used anywhere. The database technology would need to be very efficient
to be able to quickly give you results, since verification times must be
as short as possible etc.
- While this approach may function somewhat with closed-source software
whose vendors agree to directly forward the relevant info to the
database, it will not work well for other closed source software, since
there is no known-good baseline to work from. There were cases when a
vendor's distribution medium was infected with a virus for example. So
simpy saying "this must be good, it came on the official CD" is not enough.
- In the open-source world, this approach would not work at all. While
closed-source software only has a limited number of publicly available
versions, with open source, you can have as many as there are users.
Therefore, the only method in this case is to use a *local* repository
to store your own hashes (the quoted text hints at this when talking
about "appliances") but this is already possible today and nothing new.
- Generally, accessing this database for checking of authenticity over
the Internet (if offered) is problematic (not to mention the ability to
add new hashes to it, there the security implications are so grave that
I dare not to speculate about them) since there is no really good way to
make sure that the results you get are really authentic, and safe from
tampering. This may be solved when the database is local and under your
control. But again, this is something that already exists.
- Is it just me, but while people seem kicking and screaming about how
NGSCB/TCPA will limit their freedoms and make them dependent on outside
influence for their systems to work, this proposed system would meet no
resistance from tha same people? Sure, there would be no obligation to
use it, but you had better do so, if you wanna be "secure", right?...
Just my HUF 0.02...
Regards
Sz.
Powered by blists - more mailing lists