Full Disclosure mailing list archives
RE: Cryptome Hacked!
From: batz <batsy () vapour net>
Date: Wed, 26 Feb 2003 20:18:16 -0500 (EST)
On Wed, 26 Feb 2003, Sung J. Choe wrote: :> Third, the best method of ensuring the integrity of software right now :> is signed crypographic checksums from someone you trust. :What would you use to generate that checksum? Can you trust the software :used to generate the checksum? How can you trust that software? Please :do not give some simple-minded answer like "cryptographic checksums" since :that does not answer my specific question. : You cannot trust software. You can only trust processes, people and institutions. So, I will reiterate my original answer which is that you can trust cryptographic checksums *from someone you trust*, or more accurately, ones which have been generated using a process you trust. If you want to know how to evaluate how much trust you should have in a process, then maybe the Common Criteria, BS7799, the TCSec rainbow books, should help. Better yet, have a plan B for dealing with the possibility that your trust may be unfounded. -- batz _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Cryptome Hacked! Sung J. Choe (Feb 26)
- RE: Cryptome Hacked! Steve Wray (Feb 26)
- Re: Cryptome Hacked! Morgan Marquis-Boire (Feb 26)
- Re: Cryptome Hacked! Ian Eyberg (Feb 26)
- RE: Cryptome Hacked! Steve Wray (Feb 26)
- Re: Cryptome Hacked! Etaoin Shrdlu (Feb 26)
- Re: Cryptome Hacked! Morgan Marquis-Boire (Feb 26)
- RE: Cryptome Hacked! Steve Wray (Feb 26)
- Re: Cryptome Hacked! Kevin Spett (Feb 26)
- Re: Cryptome Hacked! yossarian (Feb 26)
- Re: Cryptome Hacked! batz (Feb 26)
- <Possible follow-ups>
- RE: Cryptome Hacked! Sung J. Choe (Feb 26)
- RE: Cryptome Hacked! batz (Feb 26)
- RE: Cryptome Hacked! Sung J. Choe (Feb 26)
- Re: Cryptome Hacked! yossarian (Feb 26)
- RE: Cryptome Hacked! Sung J. Choe (Feb 26)
- Re: Cryptome Hacked! Kevin Spett (Feb 26)
- RE: Cryptome Hacked! Steve Wray (Feb 26)
- Re: Cryptome Hacked! Kevin Spett (Feb 26)