[Cryptography] Secure software update protocol?

Ray Dillinger bear at sonic.net
Mon Feb 22 21:39:57 EST 2016



On 02/22/2016 06:14 PM, Allen wrote:

> Exploit: Distributor's updated messaging client loads and runs following
> code: If user id == "joe", activate hook that steganographically embeds
> encryption key in all outgoing encrypted messages.
> 
> Basically, every user would get the "joejob", but it would only be
> activated for selected users.

Well, absolutely.  If they're willing to distribute the evidence to
everyone, they can do it.  But it would be very hard to do it in
secret, and if caught it would be flatly impossible to pretend they
hadn't done it.

				Bear


