Bugtraq mailing list archives
Re: your mail
From: cklaus () shadow net (Christopher Klaus)
Date: Sun, 15 May 94 0:19:45 EDT
From: Paul Robinson <PAUL () TDR COM> Organization: Tansin A. Darcos & Company, Silver Spring, MD USA ----- Brent Chapman <brent () greatcircle com>, writes:The problem is, how would the Archie servers determine the checksums? The Archie servers don't download all the files; they merely connect to each FTP server and get a recursive directory listing, which they then massage into their database. To get the checksums, they'd either have to download every file (very impractical, given the amount of stuff out there), or get the checksum info from the FTP server they're talking to. There's currently no standard way (hell, there's not even any reasonably COMMON way) to get checksum info from FTP servers.Which brings up another question: WHICH checksum do they use? Most useful, say, for MSDOS clients would be the CRC-32 checksum which is used by Zmodem and PKZIP, and a file stored in a Zip archive, if checked on a file, would match. On a Unix site, the two-word result from 'sum' would be appropriate and most useful.
No way. sum is easily changed to any value you want. i suggest something as strong as md5.
For other places, MD5 would be better and provides a stronger check than CRC-32. So which do you use, and how do you know which of these you are getting? And how do we get a CRC request added to the list of FTP commands, or the data supplied from them? --- Paul Robinson - Paul () TDR COM Voted "Largest Polluter of the (IETF) list" by Randy Bush <randy () psg com> ----- The following Automatic Fortune Cookie was selected only for this message: Lassie looked brilliant, in part because the farm family she lived with was made up of idiots. Remember? One of them was always getting pinned under the tractor, and Lassie was always rushing back to the farmhouse to alert the other ones. She'd whimper and tug at their sleeves, and they'd always waste precious minutes saying things: "Do you think something's wrong? Do you think she wants us to follow her? What is it, girl?", etc., as if this had never happened before, instead of every week. What with all the time these people spent pinned under the tractor, I don't see how they managed to grow any crops whatsoever. They probably got by on federal crop supports, which Lassie filed the applications for. -- Dave Barry
-- Christopher William Klaus <cklaus () shadow net> <iss () shadow net> Internet Security Systems, Inc. 2209 Summit Place Drive,Dunwoody GA 30350-2430. (404)998-5871.
Current thread:
- Re: trojans on ftp sites der Mouse (May 14)
- Re: trojans on ftp sites Peter Deutsch (May 14)
- <Possible follow-ups>
- Re: trojans on ftp sites Paul Robinson (May 14)
- Re: your mail Christopher Klaus (May 14)
- Re: trojans on ftp sites smb () research att com (May 14)
- Re: your mail John Macdonald (May 16)
- Re: your mail Steven C. Blair (May 16)
- Re: your mail John Macdonald (May 16)
- Re: your mail Christopher Klaus (May 16)
- Re: your mail Adam Shostack (May 16)
- Re: your mail John Macdonald (May 16)
- Checksums in FTP servers. Scott Northrop (May 16)