Re: Hash database

To: debian-security@lists.debian.org
Subject: Re: Hash database
From: Peer Janssen <peer@baden-online.de>
Date: Sat, 09 Apr 2005 20:28:06 +0200
Message-id: <[🔎] 42581EB6.8000102@baden-online.de>
Reply-to: peer@baden-online.de
In-reply-to: <[🔎] 4257E3BB.50403@starcomitalia.com>
References: <[🔎] 4257D2DF.6060501@starcomitalia.com> <[🔎] 20050409134013.GQ31499@citadelle.homelinux.net> <[🔎] 4257E3BB.50403@starcomitalia.com>

Raffaele D'Elia schrieb:

Unfortunatly not. I want to verify each file installed using .deb'sagainst the md5sum written inside the .deb itself.Debsum does this storing the hashes locally. I want the same controlover a central db, independent from the machine I'm running debsums on.

There used to be a page http://www.nsrl.nist.gov/Downloads.htm (it seemsto be down, at least from my non-us place), but it's in the googlecache:http://64.233.183.104/search?q=cache:6XVCDNiTBSMJ:www.nsrl.nist.gov/Downloads.htm+NIST+NSRL+%22RDS+2.8%22&hl=de.

There you can/could download the NIST NSRL (NIST National SoftwareReference Library). These are hash databases which are used inforensics. They get/buy a lot of software and establish a big hashdatabase of all these software. So if police takes your computer, theyuse these hashes to put aside all the known good files (standardsoftware) and then check the rest for allowed/bad content. This cutsdown 50-95% of their work.


debian is probably in there, so this might be what you need.

There is another sites called http://knowngoods.org/ with a similarpurpose. I'm not sure if you can get the hashdb, maybe somewhere ontheir site it is. There are other similar projects.

It would indeed be good if there were a debian database with all thehashes of all published programs (all files: the .debs AND all theircontents, of simply everything). This would help to spot problems. Youcould have a disk to boot from which collects all the hashes, and thencheck these on another known good system with all the hashes. If then"ls" or any other program had a bad hash, you know what you need to replace.

The disk could be a standalone mini-linux, which writes the hashes as.gz on a (or more) disk(s), or send them over the network.

A complete hash database could also be put on a CD used to analyze thesystem and tell all known OS files which don't have the expected hash.

For creating the hash database, it's only some script which looks at allthe debs and their content, checks ths md5s/sha1s, and compiles the infoat a single place. No rocket science.


Peer

Reply to:

References:
- Hash database
  - From: Raffaele D'Elia <r.delia@starcomitalia.com>
- Re: Hash database
  - From: Almut Behrens <almut-behrens@gmx.net>
- Re: Hash database
  - From: Raffaele D'Elia <r.delia@starcomitalia.com>

Prev by Date: Re: Hash database
Next by Date: Re: Hash database
Previous by thread: Re: Hash database
Next by thread: Re: Hash database
Index(es):
- Date
- Thread