[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] How can I make sure that the Tails I'm running is legitimate?



> No, you cannot check a suspect OS with a suspect OS.

Oh yep, miss that point ><

Better to use another « safe » OS, but is re-building our own sha256 tool 
enough ?
Even if the OS is malware, seems impossible (or sooooooooo difficult at least) 
for me for a corrupted OS to tricks such tool.

The 2 only ways to do this I see at this moment is :
 - trick the /dev/XXX read to send the real OS data, but in this case need the 
real data somewhere on the compromised image and so it size must be very 
different (×2).
 - trick the compiler [1] but difficult to do with a custom sha256 
implementation (unable to guess we compile a sha256 to inject forced return 
value if detecting compromissed OS data on input).

[1] https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf

-- 
Aeris
Individual crypto-terrorist group
self-radicalized on the digital Internet

Protect your privacy, encrypt your communications
GPG : EFB74277 ECE4E222
OTR : 5769616D 2D3DAC72
https://café-vie-privée.fr/

Attachment: signature.asc
Description: This is a digitally signed message part.

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk