[11435] in cryptography@c2.net mail archive
Re: Challenge to TCPA/Palladium detractors
daemon@ATHENA.MIT.EDU (R. Hirschfeld)
Sat Aug 10 12:06:29 2002
Date: Sat, 10 Aug 2002 16:33:30 +0200
From: "R. Hirschfeld" <ray@unipay.nl>
To: remailer@aarg.net
Cc: cypherpunks@lne.com, cryptography@wasabisystems.com
In-reply-to: <9a9b042036dae4dc85cd793e52375ec5@aarg.net> (message from
AARG!Anonymous on Fri, 9 Aug 2002 19:30:09 -0700)
Reply-To: ray@unipay.nl
> Date: Fri, 9 Aug 2002 19:30:09 -0700
> From: AARG!Anonymous <remailer@aarg.net>
> Re the debate over whether compilers reliably produce identical object
> (executable) files:
>
> The measurement and hashing in TCPA/Palladium will probably not be done
> on the file itself, but on the executable content that is loaded into
> memory. For Palladium it is just the part of the program called the
> "trusted agent". So file headers with dates, compiler version numbers,
> etc., will not be part of the data which is hashed.
>
> The only thing that would really break the hash would be changes to the
> compiler code generator that cause it to create different executable
> output for the same input. This might happen between versions, but
> probably most widely used compilers are relatively stable in that
> respect these days. Specifying the compiler version and build flags
> should provide good reliability for having the executable content hash
> the same way for everyone.
A trivial observation: this cannot be true across hardware platforms.
TCPA claims to be "platform and OS agnostic", but Palladium does not.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
