
Re: MD5 sums of individual files?



----- Original Message -----
From: "Pat Moffitt" <pmoffitt@wrv.com>
To: <debian-security@lists.debian.org>
Sent: Thursday, March 29, 2001 8:19 PM
Subject: RE: MD5 sums of individual files?


> It is more than possible.  There are people that have figured out how to pad
> a file to make the checksums the same.  They don't have to worry about the
> fact that your checksums cannot be changed because they will fake theirs to
> match.  This is much more work and would require that the hacker have more
> skills than the regular script kiddy.


If you're using SHA / MD5 / RIPE this should be next to impossible, as these
algorithms are designed to protect against exactly this sort of attack. With
SHA, which produces a 160-bit hash, it should take you around 2^80 messages
before you find 2 that have the same hash, and about 2^159 before you can
find one which has the same hash as one of mine.

Of course, if you're using CRC32 for your checksum, that's a much easier
problem :)

Dan




>
> Pat Moffitt
> MIS Administrator
> Western Recreational Vehicles, Inc.
>
>
> > -----Original Message-----
> > From: Don Laursen [mailto:don@darkphoton.com]
> > Sent: Thursday, March 29, 2001 10:40 AM
> > To: debian-security@lists.debian.org
> > Subject: RE: MD5 sums of individual files?
> >
> >
> > Ok with that said, how feasible is it for a cracker to install their
> > rootkit, and mimic the checksummed files to match the contents of the
> > floppy? Wouldn't he/she just have to unmount the existing floppy drive,
> > remount it to his/her pseudo check sums?
> >
> > I'm probably missing the howto detail where the alert is generated before
> > rootkit is installed.
> >
> >
> >
> > Thanks,
> > Don
> >
> >
> > > Yes, sorry, I wasn't clear about that.  The floppy is mounted RO, plus
> > > the disk's tab is moved to the RO position.  I agree... I wouldn't feel
> > > comfortable or safe if the floppy was just mounted RO.
> > >
> >
> > >> Another way to do this is to install the AIDE package, that performs a checksum
> > >> to certain files that you specify in the configuration by the way tripwire does
> > >> it... It's so easy to install and sends you an e-mail notifying the daily results
> >
> >
> > --
> > To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact
> > listmaster@lists.debian.org
> >
>
>
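The gap Dan describes between finding any two colliding messages and matching one fixed file's hash can be measured at small scale. The Python below is an added example, not part of the original message: it truncates SHA-1 to a few bits (an assumption made so both searches finish quickly), and the function names and messages are constructed for illustration.

```python
import hashlib
import itertools

def truncated_sha1(data: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-1(data) as an integer (a toy n-bit hash)."""
    digest = int.from_bytes(hashlib.sha1(data).digest(), "big")
    return digest >> (160 - bits)

def messages(seed: int):
    """Endless stream of distinct constructed messages for one trial."""
    for i in itertools.count():
        yield b"trial-%d-msg-%d" % (seed, i)

def find_collision(bits: int, seed: int):
    """Birthday search: any two distinct messages with the same hash."""
    seen = {}
    for tries, msg in enumerate(messages(seed), start=1):
        h = truncated_sha1(msg, bits)
        if h in seen:
            return seen[h], msg, tries
        seen[h] = msg

def find_second_preimage(target: bytes, bits: int, seed: int):
    """Search for a different message matching one fixed target's hash."""
    want = truncated_sha1(target, bits)
    for tries, msg in enumerate(messages(seed), start=1):
        if msg != target and truncated_sha1(msg, bits) == want:
            return msg, tries

def average_work(bits: int, trials: int = 8):
    """Mean hash evaluations for each search over several trials."""
    target = b"constructed reference file contents"
    coll = sum(find_collision(bits, s)[2] for s in range(trials)) / trials
    pre = sum(find_second_preimage(target, bits, s)[1]
              for s in range(trials)) / trials
    return coll, pre

if __name__ == "__main__":
    for bits in (12, 16):
        coll, pre = average_work(bits)
        print(f"{bits}-bit hash: collision ~{coll:.0f} tries, "
              f"second preimage ~{pre:.0f} tries")
```

Each extra output bit roughly doubles the second-preimage work but only adds a factor of about 1.4 to the collision work, which is why an integrity baseline needs a full-width cryptographic hash and not a 32-bit CRC.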


