Firewall Wizards mailing list archives

Re: File Integrity Check


From: Adam Shostack <adam () homeport org>
Date: Mon, 16 Aug 1999 10:18:36 -0400

On Sun, Aug 15, 1999 at 05:29:13PM -0400, Scot Anderson wrote:
| CRC is a Cyclic Redundancy Check.  It's a polynomial, calculating a *very*
| unique value based on content.  Much more effective than an MD5 or any other
| checksum.

Define *very*.  Most CRCs are order 16-32 bits.  MD5 is 128 bits.

Please also define "more effective".  If you mean "fast, cheap," sure.
If you mean secure, there are few checksums as useless as a CRC, since 
bits can trivially be appended to the item under check to confuse it.

Adam


| In the old days, we used to use this lots with the x/y/zmodem protocols, and
| always ended up coding it in assembler for the individual machines to keep
| the speed up.
| 
| 
| --------------
|    Scot Anderson | Special Projects Division | www.btg.com
| Voice: 703-383-4562 | Fax: 781-685-5824 | Cell: 703-967-9210
| 
| 
| 
| ----- Original Message -----
| From: Choi, Byoung <bchoi () visa com>
| To: <Bill_Royds () pch gc ca>
| Cc: <firewall-wizards () nfr net>
| Sent: Saturday, August 14, 1999 6:22 PM
| Subject: RE: File Integrity Check
| 
| 
| > uhhh.... the "simple checksum" is CRC, isn't it?
| >
| > doesn't bsd checksum utility generate MD5 instead?
| >
| > b-
| >
| > > ----------
| > > From: Bill_Royds () pch gc ca[SMTP:Bill_Royds () pch gc ca]
| > > Reply To: Bill_Royds () pch gc ca
| > > Sent: Saturday, August 14, 1999 7:10 AM
| > > To: Marcus J. Ranum
| > > Cc: Russell Enderby; firewall-wizards () nfr net
| > > Subject: Re: File Integrity Check
| > >
| > > What is the opinion of the BSD cksum command for generating hashes for
| > > files?
| > > It calculates a CRC for the file rather than a simple checksum but is less
| > > computationally expensive than MD5.
| > > I compromised on this during backups to avoid the MD5 overhead (and extra
| > > downtime) but with some hope that it is harder to fake than the sum
| > > checksum.
| > >
| > >
| > >
| > > Please respond to "Marcus J. Ranum" <mjr () nfr net>
| > >
| > > To:   Russell Enderby <Russell.Enderby () arris-i com>,
| > > firewall-wizards () nfr net
| > > cc:    (bcc: Bill Royds/HullOttawa/PCH/CA)
| > > Subject:  Re: File Integrity Check
| > >
| > >
| > >
| > >
| > > >In pursuit of determining critical system files for modifications I was
| > > >thinking the checksum prog 'sum' would be sufficient.  Understanding
| > > >that time,date, and file size can be modified under the ext2fs/ufs
| > > >directory table.  Is it possible to also make the 'sum' checksum appear
| > > >to be correct?
| > >
| > > Yes, the "sum" checksum is not particularly resistant to deliberate
| > > faking. It's an example of a normal checksum - resistant to accidental
| > > changes but not deliberate tampering.
| > >
| > > >I was under the impression tripwire uses its own special checksum prog
| > > >to verify files, although would 'sum' be sufficient as well?  If not
| > > >does anyone know of better more thorough checksum app?
| > >
| > > Tripwire's probably the thing to use. It uses a mix of cryptographic
| > > checksums including the de facto standard(s) SHA1 and MD5. That type
| > > of checksumming algorithm is designed to be resistant to deliberate
| > > manipulation, and uses a much larger checksum output. It'd require
| > > extreme devotion and sophistication to defeat the checksum algorithms
| > > (i.e.: a national intelligence agency). That's not likely, since
| > > there are easier parts of the system to defeat.
| > >
| > > In short, I'd suggest using tripwire. If that's not an option for
| > > whatever reason, you can also use PGP to generate high quality
| > > checksums of files.
| > >
| > > mjr.
| > > --
| > > Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
| > > work - http://www.nfr.net
| > > home - http://www.clark.net/pub/mjr
| > >
| > >
| > >
| > >
| > >
| > >
| > >
| > >
| >
| >
| 

-- 
"It is seldom that liberty of any kind is lost all at once."
                                                       -Hume
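
Added example, not part of the original thread: a short Python sketch of the two properties argued over above, the small output size of a CRC and its lack of resistance to deliberate change. SHA-256 stands in here for the cryptographic hashes the thread names, and all sample strings are constructed.

```python
import binascii
import hashlib
import zlib


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def predicted_crc32(original_crc: int, delta: bytes) -> int:
    """CRC-32 of (original XOR delta), computed without the original bytes.

    CRC is affine over GF(2): for equal-length inputs,
    crc(m ^ d) == crc(m) ^ crc(d) ^ crc(all-zero bytes).
    """
    return original_crc ^ zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))


def first_crc16_collision():
    """Return two distinct constructed inputs sharing a 16-bit CRC.

    65537 distinct inputs into 65536 possible values: a match is guaranteed.
    """
    seen = {}
    for i in range((1 << 16) + 1):
        msg = b"constructed-record-%d" % i
        crc = binascii.crc_hqx(msg, 0)  # 16-bit CRC, CCITT polynomial 0x1021
        if crc in seen:
            return seen[crc], msg
        seen[crc] = msg


if __name__ == "__main__":
    original = b"constructed sample: PermitRootLogin no \n"
    changed = b"constructed sample: PermitRootLogin yes\n"
    assert len(original) == len(changed)
    delta = xor_bytes(original, changed)
    # The CRC of the changed file follows from the old CRC and the delta alone.
    print(hex(predicted_crc32(zlib.crc32(original), delta)),
          hex(zlib.crc32(changed)))
    # SHA-256 shows no such relation; the two digests are unrelated.
    print(hashlib.sha256(original).hexdigest())
    print(hashlib.sha256(changed).hexdigest())
    a, b = first_crc16_collision()
    print(a, b, hex(binascii.crc_hqx(a, 0)))
```

For a file-integrity baseline, this is why the stored value should come from a cryptographic hash and not from cksum or sum.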



