Rich Salz wrote:
> Another approach would be to double the number of systems that the adversary
> must compromise. HostA will run the service, but only when HostB sends
> it startup info. At boot A pings B. B "calls back" over over an SSL link
> and sends the passphrase using something like S/Key perhaps.
Does that double the number of systems? Surely all the adversary has to
do is substitute his own s/w for the thing that receives the passphrase
and reboot A, not requiring a crack of B at all.
Cheers,
Ben.
--
SECURE HOSTING AT THE BUNKER! http://www.thebunker.net/hosting.htm
http://www.apache-ssl.org/ben.html
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi
