Firewall Wizards mailing list archives
Re: File Integrity Check
From: Adam Shostack <adam () homeport org>
Date: Mon, 16 Aug 1999 10:18:36 -0400
On Sun, Aug 15, 1999 at 05:29:13PM -0400, Scot Anderson wrote: | CRC is a Cyclic Redundancy Check. It's a polynomial, calculating a *very* | unique value based on content. Much more effective than a MD5 or any other | checksum. Define *very*. Most CRCs are order 16-32 bits. MD5 is 128 bits. Please also define "more effective". If you mean "fast, cheap," sure. If you mean secure, there are few checksums as useless as a CRC, since bits can trivially be appended to the item under check to confuse it. Adam | In the old days, we used to use this lots with the x/y/zmodem protocols, and | always ended up coding it in assembler for the individual machines to keep | the speed up. | | | -------------- | Scot Anderson | Special Projects Division | www.btg.com | Voice: 703-383-4562 | Fax: 781-685-5824 | Cell: 703-967-9210 | | | | ----- Original Message ----- | From: Choi, Byoung <bchoi () visa com> | To: <Bill_Royds () pch gc ca> | Cc: <firewall-wizards () nfr net> | Sent: Saturday, August 14, 1999 6:22 PM | Subject: RE: File Integrity Check | | | > uhhh.... the "simple checksum" is CRC, isn't it? | > | > doesn't bsd checksum utility generate MD5 instead? | > | > b- | > | > > ---------- | > > From: Bill_Royds () pch gc ca[SMTP:Bill_Royds () pch gc ca] | > > Reply To: Bill_Royds () pch gc ca | > > Sent: Saturday, August 14, 1999 7:10 AM | > > To: Marcus J. Ranum | > > Cc: Russell Enderby; firewall-wizards () nfr net | > > Subject: Re: File Integrity Check | > > | > > What is the opinion of the BSD cksum command for generating hashses for | > > files? | > > It calculates a CRC for the file rather than a simple checksum but is | > > less | > > computationally expensive than MD5. | > > I compromised on this during backups to avoid the MD5 overhead (and | extra | > > downtime) but with some hope that it is harder to fake than the sum | > > checksum. | > > | > > | > > | > > Please respond to "Marcus J. Ranum" <mjr () nfr net> | > > | > > To: Russell Enderby <Russell.Enderby () arris-i com>, | > > firewall-wizards () nfr net | > > cc: (bcc: Bill Royds/HullOttawa/PCH/CA) | > > Subject: Re: File Integrity Check | > > | > > | > > | > > | > > >In pursuit of determining critical system files for modifications I was | > > >thinking the checksum prog 'sum' would be sufficient. Understanding | > > >that time,date, and file size can be modified under the ext2fs/ufs | > > >directory table. Is it possible to also make the 'sum' checksum appear | > > >to be correct? | > > | > > Yes, the "sum" checksum is not particularly resistant to deliberate | > > faking. It's an example of a normal checksum - resistant to accidental | > > changes but not deliberate tampering. | > > | > > >I was under the impression tripwire uses its own special checksum prog | > > >to verify files, although would 'sum' be sufficient as well? If not | > > >does anyone know of better more thorough checksum app? | > > | > > Tripwire's probably the thing to use. It uses a mix of cryptographic | > > checksums including the de facto standard(s) SHA1 and MD5. That type | > > of checksumming algorithm is designed to resistant to deliberate | > > manipulation, and uses a much larger checksum output. It'd require | > > extreme devotion and sophistication to defeat the checksum algorithms | > > (i.e.: a national intelligence agency). That's not likely, since | > > there are easier parts of the system to defeat. | > > | > > In short, I'd suggest using tripwire. If that's not an option for | > > whatever reason, you can also use PGP to generate high quality | > > checksums of files. | > > | > > mjr. | > > -- | > > Marcus J. Ranum, CEO, Network Flight Recorder, Inc. | > > work - http://www.nfr.net | > > home - http://www.clark.net/pub/mjr | > > | > > | > > | > > | > > | > > | > > | > > | > | > | -- "It is seldom that liberty of any kind is lost all at once." -Hume
Current thread:
- File Integrity Check Russell Enderby (Aug 13)
- Re: File Integrity Check Marcus J. Ranum (Aug 13)
- Re: File Integrity Check Darren Reed (Aug 14)
- <Possible follow-ups>
- Re: File Integrity Check Steven M. Bellovin (Aug 13)
- Re: File Integrity Check Antonomasia (Aug 13)
- Re: File Integrity Check Bill_Royds (Aug 14)
- RE: File Integrity Check Choi, Byoung (Aug 15)
- Re: File Integrity Check Scot Anderson (Aug 15)
- Re: File Integrity Check Geva Patz (Aug 16)
- Re: File Integrity Check Adam Shostack (Aug 17)
- Re: File Integrity Check Dave Gillett (Aug 18)
- Re: File Integrity Check Bennett Todd (Aug 17)
- Re: File Integrity Check Scot Anderson (Aug 15)
- Re: File Integrity Check Bill_Royds (Aug 18)
- Re: File Integrity Check Brian Denehy (Aug 20)