Re: RFE: Could crc32 be included in the debian live/installation disk?
Hi,
Albretch Mueller wrote:
> [...] crc32 [...] 200+K files
Kids, whatever you do with one of the many "CRC-32"s, be aware that the
birthday paradox predicts several identical 32-bit outcomes among 200,000
files.
In the context of an intrusion detection system, a 32-bit checksum is
much too easy to fool. In the face of suspected intentional alteration,
i'd not even deem 128-bit MD5 good enough.
> Any ideas about how that kind of base lining could be improved,
> streamlined?
Did you already evaluate existing IDS like the following ?
https://packages.debian.org/stable/samhain
https://packages.debian.org/stable/systraq
https://packages.debian.org/stable/tiger
https://packages.debian.org/stable/tripwire
(The game of mutual fooling and spoofing needs lot of experience.)
Have a nice day :)
Thomas
Reply to: