Path: utzoo!utgpu!jarvis.csri.toronto.edu!clyde.concordia.ca!uunet!aplcen!uakari.primate.wisc.edu!uwm.edu!psuvax1!rutgers!netnews.upenn.edu!vax1.cc.lehigh.edu!sei.cmu.edu!krvw
From: dunc@sun.com (duncs home)
Newsgroups: comp.virus
Subject: Re: Authentication/Signature/Checksum Algorithms
Message-ID: <0002.9001101538.AA03087@ge.sei.cmu.edu>
Date: 10 Jan 90 00:40:42 GMT
Sender: Virus Discussion List
Lines: 15
Approved: krvw@sei.cmu.edu

In article <0008.9001081228.AA09399@ge.sei.cmu.edu> you write:
>In response to Y. Radai's post:
>
>To protect against viruses, the best protection can be obtained by
>using a fast hashing algorithm together with an asymmetric
>cryptosystem (like RSA). This is also by far the most cost-effective
>(based on compute-time) approach...

With this scheme, what prevents a clever nasty from simply patching the code
doing the comparison to always return an all clear? Also, while the
non-repudiation property seems to provide accountability, it seems likely to
be illusory. Does the signer of the program really know what's being signed
or was it generated by some other program of uncertain honesty?

--Dunc