[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian audititing tool?

On 00-12-26 Rainer Weikusat wrote:
> Christian Kurz <shorty@debian.org> writes:
> > > Debsums seems to help a little bit - you can expect to catch some less-clueful
> > > intruders with it, but it doesn't help in general.
> > 
> > debsums just uses md5sums which can be manipulated on the one hand and
> > on the other hand you modify binaries so that the md5sum will still be
> > the same.

> So you've effectively broken MD5 in a way that would yield useful
> results (ie would allow you to replace a specific binary with another
> specific binary, not with some more or less random garbage). How came
> it that you weren't prominently mentionend in this month's cryptogram?

Small adnotation to this: If someone would have read the whole
discussion about this, he would have found my explanation of this
statement. But seems like some people always read only some mails and
then make their assumptions. :(

          Debian Developer and Quality Assurance Team Member
    1024/26CC7853 31E6 A8CA 68FC 284F 7D16  63EC A9E6 67FF 26CC 7853

Attachment: pgpOriaMXmGud.pgp
Description: PGP signature

Reply to: