[Cryptography] "Ulysses pacts": better than "warrant canaries" ?

Jerry Leichter leichter at lrw.com
Sun Sep 13 17:28:31 EDT 2015 

> ...In the case of programs that run on user’s computers there’s “binary transparency.”  When a program with binary transparency receives an update, it computes that update’s “hash” (a mathematical fingerprint) and sends it to a server maintained by a disinterested third party.  It also checks the hashes of all the other updates that have been received by all the other versions of the program that have checked in.  If it sees that it has got a special update, it refuses to install it and alerts the user....
All a spy agency has to do to get around this is require that the same update be sent to everyone.  The implanted code can determine when it should actually do something.

Stuxnet shows exactly how this has already been done:  It spread all over the place, but (fairly successfully) only activated for the target machines.

If the goal is to attack one or more identified users of the program in question ... the targeting is that much easier.

It's not that this kind of thing isn't worth doing ... it's that it isn't a magic bullet.  (It's particularly effective in cases where the attacker can't get the software provider to actually modify software, but is able to MitM connections back to the provider.  Of course, then it could also MitM connections to the third-party checker ... there's no free lunch.)

                                                        -- Jerry

More information about the cryptography mailing list