1999-08-13-15:09:24 Jeff Duffy:
> Any checksum program alone is not sufficient to guarantee file
> integrity.
Well, yes and no. Some simple checksums, like the arithmetic sum of bytes mod
65535 (System V sum(1)) or a Cyclical Redundancy Checksum (e.g. BSD sum(1))
are easy to fake.
And any checksum that's short enough so that it's practical to try testing
more distinct modifications of the file than there are possible values of the
checksum can be brute-forced.
MD5 is a cryptographically strong checksum, which means that (barring a
successful crack of MD5) there's no known way to directly compute the
modification needed to a file to make it match a checksum, short of
brute-force trial and error --- and trying 2**128 anythings takes forever. If
you don't have to match a specific sum, but just find any two files with the
same sum, it's easier --- but still impractical.
> While md5 checksumming is indeed a bit more secure than the standard *nix
> sum, there are plenty of cracker kits out there that contain tools to modify
> files in such a way that the md5sum remains the same.
Could you please point at a source for such a kit? Or could you please produce
an example file whose MD5 sum matches
50489244b4036b4d476fd165f6de9373
which I just made with
dd if=/dev/random bs=1024 count=1 | md5
If MD5 has been cracked, it's news to me, and it means that security protocols
that use public key encryption of MD5 checksums for digital signatures are
blown. Scary prospect, that.
> Tripwire improves the odds by using md5 summing and SHA hashes in
> conjunction to verify file integrity. You can modify a file so one or
> the other will still match the original sum, but the odds of being able
> to modify and match both are astronomical.
You can't actually modify a file so it will still match either one; that's
what crypto checksums are for. Tripwire uses a whole array of checksums
because it's cool to include the flexibility to let the admin pick what
checksum or sums they like best. But as long as you use a serious crypto
checksum like MD5, one is plenty.
That's one of the things I like about MD5; it includes an MD5 for every file
in the rpm, so as long as you keep offline, archival copies of the rpms of
everything you install, you've got the database you need to do an audit if you
suspect you might have been burgled. You can set up the facilities to do the
same trick with tripwire, but you're not likely to have done so before you
need it, people being lazy the way they are. Whereas rpms are so useful for
automating building of machines that they're likely to be archived for other
purposes besides security paranoia.
-Bennett
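The brute-force argument above (a checksum short enough to try more modifications than it has values is forgeable; a 128-bit one is not) worked through as an added example, not code from the original post or from the firewalls list. It assumes a constructed two-line sample file and uses the BSD sum(1) rotate-and-add checksum and MD5 from Python's standard library.

```python
import hashlib
import random

def bsd_sum(data: bytes) -> int:
    """BSD sum(1): 16-bit rotate-right-and-add checksum (as in coreutils)."""
    c = 0
    for byte in data:
        c = (c >> 1) + ((c & 1) << 15)   # rotate right by one bit
        c = (c + byte) & 0xFFFF
    return c

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def tries_until_match(modified, target, checksum, limit, seed=1):
    """Append random 16-byte trailers to `modified` until checksum(candidate)
    equals `target`; returns (tries, candidate) or (limit, None) on failure.
    For a `bits`-bit checksum about 2**bits tries are expected."""
    rng = random.Random(seed)
    for i in range(1, limit + 1):
        candidate = modified + rng.getrandbits(128).to_bytes(16, "big")
        if checksum(candidate) == target:
            return i, candidate
    return limit, None

# Constructed sample file and a tampered copy of it (not from the mail).
ORIGINAL = b"PermitRootLogin no\nPasswordAuthentication no\n"
TAMPERED = b"PermitRootLogin yes\nPasswordAuthentication yes\n"

def compare(limit: int = 1 << 20) -> dict:
    """Brute-force the 16-bit sum (feasible) and MD5 (hopeless at this budget)
    for the same tampered file, and report what each would tell an auditor."""
    sum_tries, forged = tries_until_match(TAMPERED, bsd_sum(ORIGINAL), bsd_sum, limit)
    md5_tries, md5_forged = tries_until_match(TAMPERED, md5_hex(ORIGINAL), md5_hex, 1 << 16)
    return {
        "bsd_sum_matches_after_tamper": forged is not None,
        "bsd_sum_tries": sum_tries,
        "md5_matches_after_tamper": md5_forged is not None,   # 2**16 tries vs 2**128 values
        "md5_detects_forged_file": forged is not None and md5_hex(forged) != md5_hex(ORIGINAL),
    }

if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value}")
```

The 16-bit sum is matched after tens of thousands of tries, so a Tripwire database storing only such a sum would report the tampered file as clean, while the MD5 of the forged file still differs.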