[tor-talk] How can I make sure that the Tails I'm running is legitimate?
Aeris
aeris+tor at imirhil.fr
Sat Aug 15 11:20:37 UTC 2015
> No, you cannot check a suspect OS with a suspect OS.
Oh yep, miss that point ><
Better to use another « safe » OS, but is re-building our own sha256 tool
enough ?
Even if the OS is malware, seems impossible (or sooooooooo difficult at least)
for me for a corrupted OS to tricks such tool.
The 2 only ways to do this I see at this moment is :
- trick the /dev/XXX read to send the real OS data, but in this case need the
real data somewhere on the compromised image and so it size must be very
different (×2).
- trick the compiler [1] but difficult to do with a custom sha256
implementation (unable to guess we compile a sha256 to inject forced return
value if detecting compromissed OS data on input).
[1] https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf
--
Aeris
Individual crypto-terrorist group
self-radicalized on the digital Internet
Protect your privacy, encrypt your communications
GPG : EFB74277 ECE4E222
OTR : 5769616D 2D3DAC72
https://café-vie-privée.fr/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20150815/4dc3797c/attachment-0001.sig>
More information about the tor-talk
mailing list