Firewall Wizards mailing list archives
Re: File Integrity Check
From: Bill_Royds () pch gc ca
Date: Sat, 14 Aug 1999 10:10:06 -0400
What is the opinion of the BSD cksum command for generating hashses for files? It calculates a CRC for the file rather than a simple checksum but is less computationally expensive than MD5. I compromised on this during backups to avoid the MD5 overhead (and extra downtime) but with some hope that it is harder to fake than the sum checksum. Please respond to "Marcus J. Ranum" <mjr () nfr net> To: Russell Enderby <Russell.Enderby () arris-i com>, firewall-wizards () nfr net cc: (bcc: Bill Royds/HullOttawa/PCH/CA) Subject: Re: File Integrity Check
In pursuit of determining critical system files for modifications I was thinking the checksum prog 'sum' would be sufficient. Understanding that time,date, and file size can be modified under the ext2fs/ufs directory table. Is it possible to also make the 'sum' checksum appear to be correct?
Yes, the "sum" checksum is not particularly resistant to deliberate faking. It's an example of a normal checksum - resistant to accidental changes but not deliberate tampering.
I was under the impression tripwire uses its own special checksum prog to verify files, although would 'sum' be sufficient as well? If not does anyone know of better more thorough checksum app?
Tripwire's probably the thing to use. It uses a mix of cryptographic checksums including the de facto standard(s) SHA1 and MD5. That type of checksumming algorithm is designed to resistant to deliberate manipulation, and uses a much larger checksum output. It'd require extreme devotion and sophistication to defeat the checksum algorithms (i.e.: a national intelligence agency). That's not likely, since there are easier parts of the system to defeat. In short, I'd suggest using tripwire. If that's not an option for whatever reason, you can also use PGP to generate high quality checksums of files. mjr. -- Marcus J. Ranum, CEO, Network Flight Recorder, Inc. work - http://www.nfr.net home - http://www.clark.net/pub/mjr
Current thread:
- File Integrity Check Russell Enderby (Aug 13)
- Re: File Integrity Check Marcus J. Ranum (Aug 13)
- Re: File Integrity Check Darren Reed (Aug 14)
- <Possible follow-ups>
- Re: File Integrity Check Steven M. Bellovin (Aug 13)
- Re: File Integrity Check Antonomasia (Aug 13)
- Re: File Integrity Check Bill_Royds (Aug 14)
- RE: File Integrity Check Choi, Byoung (Aug 15)
- Re: File Integrity Check Scot Anderson (Aug 15)
- Re: File Integrity Check Geva Patz (Aug 16)
- Re: File Integrity Check Adam Shostack (Aug 17)
- Re: File Integrity Check Dave Gillett (Aug 18)
- Re: File Integrity Check Bennett Todd (Aug 17)
- Re: File Integrity Check Scot Anderson (Aug 15)
- Re: File Integrity Check Bill_Royds (Aug 18)
- Re: File Integrity Check Brian Denehy (Aug 20)