> No, you cannot check a suspect OS with a suspect OS. Oh yep, miss that point >< Better to use another  safe  OS, but is re-building our own sha256 tool enough ? Even if the OS is malware, seems impossible (or sooooooooo difficult at least) for me for a corrupted OS to tricks such tool. The 2 only ways to do this I see at this moment is : - trick the /dev/XXX read to send the real OS data, but in this case need the real data somewhere on the compromised image and so it size must be very different (Ã2). - trick the compiler [1] but difficult to do with a custom sha256 implementation (unable to guess we compile a sha256 to inject forced return value if detecting compromissed OS data on input). [1] https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf -- Aeris Individual crypto-terrorist group self-radicalized on the digital Internet Protect your privacy, encrypt your communications GPG : EFB74277 ECE4E222 OTR : 5769616D 2D3DAC72 https://cafÃ-vie-privÃe.fr/
Attachment:
signature.asc
Description: This is a digitally signed message part.
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk