Re: Encrypted configuration file?


sci.crypt archive


From: Kristian Gjøsteen <kristiag+news@math.ntnu.no>
Date: Sun Apr 30 2006 - 15:21:53 CEST

Mike Amling <nospam@foobaz.com> wrote:
> When you say the MAC trick will work, I wonder how the attacker is
> detected if she surreptitiously installs a previously valid
> configuration file?

He isn't detected. You are of course correct, this is a problem. You
need some kind of tamper-proof state to detect it.

One way to mitigate this problem is to include a date in the configuration
file and display it prominently when the password is entered.

-- 
Kristian Gjøsteen
Received on Mon May 1 02:06:22 2006
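
The rollback problem discussed in this message, as an added example that is not part of the original post: a password-keyed MAC rejects a modified file but accepts an older, genuinely sealed one, so the date is placed inside the MACed body and checked against a trusted "last seen" value. The file layout, the PBKDF2 parameters, the function names and all sample values are assumptions constructed for illustration, and the sketch covers integrity only, not encryption.

```python
import hashlib
import hmac
import json

SALT = b"constructed-salt"  # constructed sample value


def _tag(body: bytes, password: str) -> bytes:
    # Password-derived MAC key; PBKDF2 and its parameters are assumptions.
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)
    return hmac.new(key, body, hashlib.sha256).hexdigest().encode()


def seal(settings: dict, saved_on: str, password: str) -> bytes:
    # The date sits inside the MACed body, so it cannot be edited separately.
    body = json.dumps({"saved_on": saved_on, "settings": settings},
                      sort_keys=True).encode()
    return _tag(body, password) + b"\n" + body


def open_sealed(blob: bytes, password: str) -> dict:
    # Recompute the MAC over the body and compare in constant time.
    tag, _, body = blob.partition(b"\n")
    if not hmac.compare_digest(tag, _tag(body, password)):
        raise ValueError("MAC check failed")
    return json.loads(body)


def is_rollback(doc: dict, last_seen: str) -> bool:
    # last_seen stands for the tamper-proof state (or the user's memory of
    # the displayed date); ISO dates compare correctly as strings.
    return doc["saved_on"] < last_seen


if __name__ == "__main__":
    old = seal({"port": 22}, "2006-04-01", "hunter2")   # constructed samples
    new = seal({"port": 443}, "2006-04-30", "hunter2")
    doc = open_sealed(old, "hunter2")      # stale file, MAC still valid
    print("Configuration saved on:", doc["saved_on"])
    print("rollback:", is_rollback(doc, "2006-04-30"))
```

If `last_seen` is stored where the attacker can also write, it can be rolled back together with the file, which is why the state has to be tamper-proof or held by the user.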