Challenge to TCPA/Palladium detractors
AARG!Anonymous
remailer at aarg.net
Fri Aug 9 22:30:09 EDT 2002
Re the debate over whether compilers reliably produce identical object
(executable) files:
The measurement and hashing in TCPA/Palladium will probably not be done
on the file itself, but on the executable content that is loaded into
memory. For Palladium it is just the part of the program called the
"trusted agent". So file headers with dates, compiler version numbers,
etc., will not be part of the data which is hashed.
The only thing that would really break the hash would be changes to the
compiler code generator that cause it to create different executable
output for the same input. This might happen between versions, but
probably most widely used compilers are relatively stable in that
respect these days. Specifying the compiler version and build flags
should provide good reliability for having the executable content hash
the same way for everyone.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list