Re: [Nolug] Any way to have a program verify that it's running a legitimate version?

From: Elliott Seyler <rainrunner87_at_mailshack.com>
Date: Fri, 25 May 2007 17:38:17 -0500
Message-ID: <46576559.5020207@mailshack.com>

Therein lies the problem: users can't trust a closed-source program, and
I can't trust users not to hash it.

Friedrich Gurtler wrote:
> Is this project going to be open source?
>
> You could calculate a hash of the program and have that be a component
> of whatever handshaking protocol you end up using.
>
> However, if its open source they could just hardcode the expected hash
> into the handshake, and do whatever they want.
>
> -- Fritz
>
> On 5/25/07, *Elliott Seyler* <rainrunner87@mailshack.com
> <mailto:rainrunner87@mailshack.com>> wrote:
>
> I'm planning a rather crazy project to make a distributed server, and
> one of the problems I've come across in my initial planning is
> preventing people from connecting modified versions of the server. I
> want to prevent anything but a legitimate version from being part
> of the
> server network, to prevent collusion with the intent to reveal secure
> information or communication sent or stored within the network.
>
> The trouble is that I can't think of any reliable way to do
> this. Any
> suggestions you may have would be welcome.
>
> -Elliott
>
> ___________________
> Nolug mailing list
> nolug@nolug.org <mailto:nolug@nolug.org>
>
>

___________________
Nolug mailing list
nolug@nolug.org
Received on 05/25/07

This archive was generated by hypermail 2.2.0 : 12/19/08 EST