3. Client executable integrity

If you use samhain in a client/server setup, the client needs to authenticate to the server using a password that is located within the client executable, at one of several possible places (where the valid place for your particular build is chosen at random at compile time). If the password is set, the alternative places are filled with random values.

Upon authentication to the server, client and server negotiate ephemeral keys for signing and encrypting further communication.

This implies that an intruder needs to analyse the running process to obtain knowledge of the signing/encryption keys in order to successfully fake a valid communication with the server, or she needs to analyse/disassemble the executable in order to find the password.