Bugtraq mailing list archives
Re: your mail
From: jmm () elegant com (John Macdonald)
Date: Mon, 16 May 1994 11:37:07 -0400
smb () research att com wrote:
||
|| Neither sum nor crc-32 are worth the bits they're stored in, for
|| this purpose; both are easy to spoof. If you're going to do it,
|| do it right: md5.

Agreed.

|| Not that I'm convinced it's a good idea. If an ftp site is compromised,
|| its ls-lR file and/or its ls command are likely to be dead meat
|| (dead silicon?) as well. There's also the problem of different
|| versions, .Z vs .gz, etc.

There is one advantage in doing this sort of thing. There is a
powerful security advantage in having many off-site copies of the
ls-lR+hash file. It is *really* hard for a cracker to spoof a change
to an existing file - they have to keep the date and hash values the
same in the ls-lR file (or else all of the myriad archie servers will
note that things have changed and possibly alert the community and it
would be *really* hard to crack all of the archie servers at the same
time as the original site). If the cracker instead tries to leave the
ls-lR files looking as if nothing has happened (which means that the
hash value must be left unchanged) then the first time that someone
tries to validate the hash (either someone who has downloaded the
file, or an automatic validation process on the same ftp site or a
mirror that decides to re-validate for some reason) it will be
detected.

The different versions issue is a significant one (think about the
variations in terms of mail/news headers that might be retained from
the transfer of the file to the ftp site - that certainly would be the
case for news source group archives).

--
That is 27 years ago, or about half an eternity in | John Macdonald
computer years. - Alan Tibbetts                    | jmm () Elegant COM
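The two detection paths described in the message above, as an added example that is not part of the original post: off-site copies of the listing catch a rewritten entry, and re-hashing the file catches a listing left untouched. The "DATE HASH PATH" line format, the function names and the sample data are assumptions made for illustration, and SHA-256 stands in for the md5 proposed in the thread.

```python
import hashlib

def digest(data: bytes) -> str:
    # SHA-256 is substituted here for the md5 proposed in the thread.
    return hashlib.sha256(data).hexdigest()

def parse_listing(text):
    """Parse 'DATE HASH PATH' lines (assumed format) into {path: (date, hash)}."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        date, file_hash, path = line.split(None, 2)
        entries[path] = (date, file_hash.lower())
    return entries

def changed_since(offsite_copies, current):
    """Paths whose date or hash in the site's current listing differs from
    what any off-site copy recorded earlier (an existing file was altered)."""
    alerts = set()
    for copy in offsite_copies:
        for path, recorded in copy.items():
            if path in current and current[path] != recorded:
                alerts.add(path)
    return sorted(alerts)

def revalidate(listing, path, data):
    """True only if the file's bytes still hash to the value in the listing."""
    return path in listing and listing[path][1] == digest(data)

# Constructed sample data: one archive file and three off-site listing copies.
GOOD = b"original tarball bytes"
BAD = b"trojaned tarball bytes"
PATH = "pub/tool-1.0.tar.gz"
ORIGINAL = f"1994-05-01 {digest(GOOD)} {PATH}\n"
OFFSITE = [parse_listing(ORIGINAL) for _ in range(3)]

def scenario_listing_updated():
    # File replaced and the listing rewritten to match: off-site copies disagree.
    current = parse_listing(f"1994-05-15 {digest(BAD)} {PATH}\n")
    return changed_since(OFFSITE, current)

def scenario_listing_untouched():
    # File replaced, listing left alone: no listing diff, but re-hashing fails.
    current = parse_listing(ORIGINAL)
    return changed_since(OFFSITE, current), revalidate(current, PATH, BAD)

if __name__ == "__main__":
    print(scenario_listing_updated())
    print(scenario_listing_untouched())
```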