Re: Debian audititing tool?

To: debian-security@lists.debian.org
Subject: Re: Debian audititing tool?
From: Pavel Minev Penev <kal_pav@sz.techno-link.com>
Date: Tue, 26 Dec 2000 21:27:53 +0200
Message-id: <[🔎] 20001226212753.A20383@smash.it.local>
Mail-followup-to: debian-security@lists.debian.org
Reply-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 20001226172707.A15924@cloud.warpsolutions.ru>; from dginsburg@mail.ru on Tue, Dec 26, 2000 at 05:27:07PM +0300
References: <[🔎] 20001221211506.A14827@ignuthuam> <[🔎] 20001221133919.G27036@bofh.de> <[🔎] 20001226172707.A15924@cloud.warpsolutions.ru>

On Tue, Dec 26, 2000 at 05:27:07PM +0300, dginsburg@mail.ru wrote:
> Of course plain md5 hashes are not very helpful. But we can keep MAC[1] for
> binaries. Tampering with MAC database is useless.
>
> ...
>
> [1] Message Authentication Code. One of possible ways to compute MAC is
> H(K,H(K,M)) where H is one-way hash function (MD5 or better SHA), K is key, M
> is message (protected binary).

Hey, I'm not very good at crypto; however, I was wondering what prevents the
intruder from regenerating the MAC data-base (and what is the point of the
double hashing you have stated as "H(K,H(K,M))"?).

Sorry if off-topic (though a nice critical note would be fine).

And don't forget to be gay (at least on Christmas),
-- 
Pavel M. Penev

Reply to:

Follow-Ups:
- Re: Debian audititing tool?
  - From: Daniel Ginsburg <dg@warpsolutions.com>

References:
- Debian audititing tool?
  - From: Peter Eckersley <pde@cs.mu.oz.au>
- Re: Debian audititing tool?
  - From: Christian Kurz <shorty@debian.org>
- Re: Debian audititing tool?
  - From: dginsburg@mail.ru

Prev by Date: Re: Debian audititing tool?
Next by Date: Re: Debian audititing tool?
Previous by thread: Re: Debian audititing tool?
Next by thread: Re: Debian audititing tool?
Index(es):
- Date
- Thread