Bugtraq mailing list archives

Re: trojans on ftp sites

From: spaf () cs purdue edu (Gene Spafford)
Date: Sun, 15 May 94 18:05:39 -0500


Simple checksums don't really help -- they are easy to duplicate in any
arbitrary file.  To be of any use, one would need to include a message
digest (a.k.a., secure hash) such as MD5 or Snefru.

That raises problems of standardization, portability, and cpu cycles.
Plus, what do you do it on?  The source file?  The compressed file?
The gzip'ed file?  Each would give a different value, and not every
site has all three.  If you want to uncompress each file, run Snefru
on it, then delete the decompressed version, we are talk serious CPU
load....

If you want more info, you can see some of the discussion of checksums
and message digests in the Tripwire design document, and the
references it cites.

--spaf

Current thread:

Re: trojans on ftp sites, (continued)
- Re: trojans on ftp sites Peter Deutsch (May 14)
- Re: trojans on ftp sites Paul Robinson (May 14)
  - Re: your mail Christopher Klaus (May 14)
- Re: trojans on ftp sites smb () research att com (May 14)
  - Re: your mail John Macdonald (May 16)
    - Re: your mail Steven C. Blair (May 16)
    - Re: your mail John Macdonald (May 16)
    - Re: your mail Christopher Klaus (May 16)
    - Re: your mail Adam Shostack (May 16)
    - Checksums in FTP servers. Scott Northrop (May 16)
- Re: trojans on ftp sites Gene Spafford (May 15)
- Re: trojans on ftp sites Ariel Faigon (May 17)