On Fri, May 25, 2012 at 2:17 PM, Nicolás Alvarez <[email protected]> wrote: > A friend who has a clue just told me "Your software will never be so > secure that the easiest means of attack comes down to the hashing > algorithm".
Exactly. The physical lock that protects a signing key can be picked. A decent power saw or bold cutters can be a short cut. Bribes can open the doors to get you to the lock that the signing key is behind. And you need to hack a server account, of course. All much easier than a preimage attack, but hard enough to do without being detected that it's probably not worth it. _______________________________________________ boinc_dev mailing list [email protected] http://lists.ssl.berkeley.edu/mailman/listinfo/boinc_dev To unsubscribe, visit the above URL and (near bottom of page) enter your email address.
