Remote booting in a hostile world: to whom am I speaking? [Computer security]

摘要: Today's networked computer systems are very vulnerable to attack: terminal software, like that used by the X Window System, is frequently passed across a network, and trojan horse can easily be inserted while it in transit. Many other software products, including operating systems, load parts of themselves from server network. Although users may confident their workstation physically secure, some part network which they attached almost certainly not secure. Most proposals recommend cryptographic means protect remotely loaded also eliminate advantages remote loading-for example, ease reconfiguration, upgrade distribution, maintenance. For this reason, have largely been abandoned before finding way into commercial products. The article shows that, contrary intuition, no more difficult loads its an insecure than stand-alone workstation. In contrast prevailing practice, authors make essential use collision-rich hash function ensure exhaustive off-line search opponent will produce one, but many candidate pass words. This strategy forces open, on-line guessing attack offers user defensive unavailable case attack. >