[Nix-dev] security - observing changes - example authorizedKeys
Vladimír Čunát
vcunat at gmail.com
Tue Jul 24 17:29:11 CEST 2012
On 22 July 2012 15:45, Marc Weber <marco-oweber at gmx.de> wrote:
> And trusting the nix store hash sums (nix-store --verify
> --check-contents) is not safe either - because the database could have
> been compromised (then the attacker would know nixos very well).
One can do it like in git: if you have one SHA for the state of the
whole system, then you can verify it and even human-remember this
number (e.g. in bubble-babble). Or you can sign it and verify via some
chain of authorities (but the root authority stored could be
compromised).
Vlada
More information about the nix-dev
mailing list