> Dr. Stephen Henson wrote:
> A determined and knowledgeable attacker can subvert anything that's
> not in hardware.

I think this is a very strange thing to say. If he has access to the hardware, he can subvert it too. If he doesn't have access to the hardware, how can he subvert the software?

> Pulling a cert from a server isn't that much
> harder to break given that it's trivial to set up a local DNS
> server that will redirect queries to the attacker's own server.

So sign the cert. No hardware needed.

> (Or to simply use the same editor to replace your URL with their
> own.)

Sure, if you have access to the software. If you have access to any security scheme, you can simply disable the scheme.

> Another attack is to attach to the process, stop it after
> the cert has been loaded, then replace that cert with the attacker's.

If you have that level of control over the process, you can make the process do anything you want, but you could just do what you wanted anyway with that level of control over the system. So what do you need the process for?

> One positive thing: if you're operating at this level it's trivial
> to use encryption and hashing to hide the cert and verify it has
> not been altered. It's not perfect and you'll still need to embed an
> encryption key.

If someone wants to alter the certificate that secures their own machine, why should I care? You can certainly break things that you are allowed access to.

DS

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
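The "so sign the cert" reply above is the whole defence against the DNS-redirect attack Henson describes: a certificate pulled from whatever host the (possibly poisoned) lookup returned is only accepted if it chains to a trust anchor compiled into the program and names the expected host. The following Go program is an added illustration of that check; it is not code from this thread or from the OpenSSL project. It generates its own throwaway root CA, a genuine server certificate and a self-signed look-alike entirely in memory (the host name `updates.example.test` and the subject names are constructed), so it runs offline with only the Go standard library. The remaining caveat is the one DS makes: the embedded anchor is no safer than the binary it lives in.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// serial hands out distinct, positive serial numbers for the constructed certs.
var serial int64

func nextSerial() *big.Int {
	serial++
	return big.NewInt(serial)
}

// makeCert builds a certificate for subject. With parent == nil it is
// self-signed; otherwise it is issued by parent and signed with parentKey.
// Every key and certificate here is generated for the demo (assumption: no
// real CA is involved).
func makeCert(subject string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber:          nextSerial(),
		Subject:               pkix.Name{CommonName: subject},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	} else {
		tmpl.KeyUsage = x509.KeyUsageDigitalSignature
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
		tmpl.DNSNames = []string{subject}
	}
	if parent == nil {
		parent, parentKey = tmpl, key // self-signed
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// verifyAgainstAnchor is the client-side check: the certificate that came back
// from whichever server DNS pointed us at is accepted only if it chains to the
// embedded anchor and carries the expected host name. A server reached through
// a redirected lookup cannot produce such a certificate without the anchor's
// private key, so the attack in the quoted message fails at this point.
func verifyAgainstAnchor(anchor, fetched *x509.Certificate, host string) error {
	roots := x509.NewCertPool()
	roots.AddCert(anchor)
	_, err := fetched.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}

func main() {
	host := "updates.example.test" // constructed host name
	anchor, anchorKey := makeCert("Constructed Root CA", true, nil, nil)
	genuine, _ := makeCert(host, false, anchor, anchorKey)
	rogue, _ := makeCert(host, false, nil, nil) // what a redirected lookup might hand us
	fmt.Println("genuine cert:", verifyAgainstAnchor(anchor, genuine, host)) // <nil>
	fmt.Println("rogue cert:  ", verifyAgainstAnchor(anchor, rogue, host))   // unknown authority
}
```

The anchor in a real program would be the CA certificate in PEM or DER form embedded at build time, loaded once with `x509.ParseCertificate`, rather than generated at start-up as it is here.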