Trusting Trust: Difference between revisions

Revision as of 12:44, 6 January 2005

Reflections on trusting trust

  • Where do you get your software from?
  • Do you trust the manufacturer?
  • Do you download free software instead?
  • Do you trust the programmer?
  • Do you know that you really got the "real" program, or could it be an altered copy?

Examples

Example 1

A self-reproducing program

#include <stdio.h>

/*
 * s holds the text of the program from the blank lines before main()
 * to its closing brace, one character per element, ending in 0.
 */
char s[] =
{
'\n', '\n', 'i', 'n', 't', ' ', 'm', 'a', 'i', 'n', '(', ')', '\n', '{', '\n', '\t',
'i', 'n', 't', ' ', 'i', ';', '\n', '\t', 'p', 'r', 'i', 'n', 't', 'f', '(', '\"',
'#', 'i', 'n', 'c', 'l', 'u', 'd', 'e', ' ', '<', 's', 't', 'd', 'i', 'o', '.', 'h',
'>', '\\', 'n', '\\', 'n', '\"', ')', ';', '\n', '\t', 'p', 'r', 'i', 'n', 't', 'f',
'(', '\"', 'c', 'h', 'a', 'r', ' ', 's', '[', ']', ' ', '=', '\\', 'n', '{', '\\',
'n', '\"', ')', ';', '\n', '\t', 'f', 'o', 'r', '(', 'i', ' ', '=', ' ', '0', ';',
' ', 's', '[', 'i', ']', ';', ' ', 'i', '+', '+', ')', '\n', '\t', '\t', 'p', 'r',
'i', 'n', 't', 'f', '(', '\"', '\\', 't', '%', 'd', ',', '\\', 'n', '\"',
',', ' ', 's', '[', 'i', ']', ')', ';', '\n', '\t', 'p', 'r', 'i', 'n', 't', 'f',
'(', '\"', '\\', 't', '0', '\\', 'n', '}', ';', '\\', 'n', '\"', ')', ';', '\n', '\t',
'p', 'r', 'i', 'n', 't', 'f',
'(', '\"', '%', 's', '\\', 'n', '\"', ',', ' ', 's', ')', ';', '\n', '}',
0
};

/*
 * Print the array as integers, so that newline, tab, quote and backslash
 * survive the round trip, then print the text held in s. The output
 * compiles, and that program prints its own source exactly.
 */
int main()
{
	int i;
	printf("#include <stdio.h>\n\n");
	printf("char s[] =\n{\n");
	for(i = 0; s[i]; i++)
		printf("\t%d,\n", s[i]);
	printf("\t0\n};\n");
	printf("%s\n", s);
}

What can we do?

Checksums

MD5 for Win32 (http://www.shen.myby.co.uk/threel/tech/tools/md5.htm)