Re: Proposal: Remove MD5 / SHA1 support from veriexec

To: Matthias Weckbecker <matthias%weckbecker.name@localhost>, tech-security%netbsd.org@localhost
Subject: Re: Proposal: Remove MD5 / SHA1 support from veriexec
From: Sevan Janiyan <venture37%geeklan.co.uk@localhost>
Date: Sun, 27 Aug 2017 22:08:48 +0100


On 08/26/17 20:30, Matthias Weckbecker wrote:
> One could still boot single user mode where veriexec happens not to
> be in effect, remount / rw, alter the hashes and be done with it.
> 
> Not that I'm saying that this is necessarily a good thing, but it's
> possible.

Issues related to physical or console access where you're able take the
machine down & boot it back up in single user mode is an entirely
different discussion which is out of scope for which hash functions
veriexec supports :o)


Sevan

Follow-Ups:
- Re: Proposal: Remove MD5 / SHA1 support from veriexec
  - From: Martin Husemann

References:
- Proposal: Remove MD5 / SHA1 support from veriexec
  - From: Sevan Janiyan
- Re: Proposal: Remove MD5 / SHA1 support from veriexec
  - From: Martin Husemann
- Re: Proposal: Remove MD5 / SHA1 support from veriexec
  - From: Brett Lymn
- Re: Proposal: Remove MD5 / SHA1 support from veriexec
  - From: Matthias Weckbecker

Prev by Date: Re: Proposal: Remove MD5 / SHA1 support from veriexec
Next by Date: Re: Proposal: Remove MD5 / SHA1 support from veriexec
Previous by Thread: Re: Proposal: Remove MD5 / SHA1 support from veriexec
Next by Thread: Re: Proposal: Remove MD5 / SHA1 support from veriexec
Indexes:

Home | Main Index | Thread Index | Old Index