Re: [tlug] Any way to make code running on a cloud service publicly verifiable?

[Curt Sampson <cjs@example.com>]

On 2012-09-14 20:37 +0900 (Fri), Stephen J. Turnbull wrote:

> The thing is, you absolutely have to have a third party certify
> that... (2) that the initial code it downloaded is the code you
> published. ("Initial" because you could trivially add a backdoor to
> upload additional code via HTTPS or whatever -- this can only be dealt
> with by a 3rd party certifying that your initial code doesn't do that.)

Actually, you don't need the third party to verify that; the user of the
site can download the code and verify it himself.

> If you trust SHA1 is cryptographically strong, then you could do this
> easily with git or hg... Have the cloud provider install a
> trusted, known clean version of the DVCS, which checks out a revision
> you specify from a public repo.

Be very careful when trying to use a hash for verification; naïve ways
of using it are vulnerable to length-extension attacks and probably
other things. Given that you need public verification, I'm not even sure
that an HMAC will do what you need, either, so use a proper digital
signature. This is not hard to do with OpenSSL or PGP.

cjs
-- 
Curt Sampson         <cjs@example.com>         +81 90 7737 2974

It is easier to write an incorrect program than understand a correct one.
    --Alan Perlis, Epigrams on Programming (#7)