undefined | Better HN

0 pointskazinator7y ago0 comments

Yes, simple hashes that are widely disseminated solve the problem from a practical point of view. Someone tampering with a binary executable or installer cannot alter all of the copies of the hash.

A blockchain could be used for that. When you publish something, take its hash, and the add it to a public ledger.

0 comments

close047y ago

The advantage of a certificate is that it's 0 effort for the regular user. Every additional layer of "work" someone has to do to check that integrity just lowers the efficiency.

I suggested the disseminated hash method because it would work but most users won't bother checking it. Add blockchain in that and you've lost them completely. Unless you have a 1-click way of checking, something built into the OS ideally, it will only be used by the more tech savvy users.

kazinatorOP7y ago

> most users won't bother checking it

That's also zero effort, though.

I don't care if users aren't checking; I published the hash, so I'm covered. I am not liable for the behavior of random materials, even if they happen to be tampered versions of something I produced.

Even if you make a signed and certified installer, someone can turn it into a malicious unsigned one and people will install anyway. They will click through the UAC and that's that.

There is no benefit in the signing when the genuine program is being installed; there is no attack going on that the signing is protecting against. It's supposed to stop a counterfeit program.

If the goal is zero effort on the part of the user, then the scheme is doomed. The zero-effort user takes no interest in signing; he or she doesn't wonder "how come this dialog is coming up", they just click through it.

Someone who counterfeits programs and adds malware can evne do one better: they can wrap the program in their own installer which has a valid certificate of their own.

The whole thing is a racket. You can't trust an artifact just because it was signed by someone whose only virtue was that they forked out $$$ for a certificate. Everyone has money, from heinous scoundrel to sparkling saint.

close047y ago

Here's an example of how the signature can help a user [0]. If fewer people fall for it that's still a win.

Your argument is that if a mechanism isn't perfect we shouldn't be using it at all. Well seatbelts and airbags also don't guarantee anything but still save people. Security is additive, no layer is perfect but put enough of them together and you can be relatively safe.

[0] https://arstechnica.com/information-technology/2015/05/sourc...

1 more reply

j / k navigate · click thread line to collapse

0 comments

close047y ago

The advantage of a certificate is that it's 0 effort for the regular user. Every additional layer of "work" someone has to do to check that integrity just lowers the efficiency.

kazinatorOP7y ago

> most users won't bother checking it

That's also zero effort, though.

I don't care if users aren't checking; I published the hash, so I'm covered. I am not liable for the behavior of random materials, even if they happen to be tampered versions of something I produced.

Even if you make a signed and certified installer, someone can turn it into a malicious unsigned one and people will install anyway. They will click through the UAC and that's that.

There is no benefit in the signing when the genuine program is being installed; there is no attack going on that the signing is protecting against. It's supposed to stop a counterfeit program.

Someone who counterfeits programs and adds malware can evne do one better: they can wrap the program in their own installer which has a valid certificate of their own.

close047y ago

Here's an example of how the signature can help a user [0]. If fewer people fall for it that's still a win.

[0] https://arstechnica.com/information-technology/2015/05/sourc...

1 more reply

j / k navigate · click thread line to collapse