From: michael shiplett <michael.shiplett@umich.edu>
To: Dan Marner <dmarner@mis.nu.edu>
Message Hash: 9ce32c0827c733a6d3e194388978bc38dfa5097d729f2ce798c735bb67be77c1
Message ID: <199407092222.SAA12365@totalrecall.rs.itd.umich.edu>
Reply To: <9407081655.AA29629@mis.nu.edu>
UTC Datetime: 1994-07-09 22:22:56 UTC
Raw Date: Sat, 9 Jul 94 15:22:56 PDT
From: michael shiplett <michael.shiplett@umich.edu>
Date: Sat, 9 Jul 94 15:22:56 PDT
To: Dan Marner <dmarner@mis.nu.edu>
Subject: Re: Request: tamper-proofing executables
In-Reply-To: <9407081655.AA29629@mis.nu.edu>
Message-ID: <199407092222.SAA12365@totalrecall.rs.itd.umich.edu>
MIME-Version: 1.0
Content-Type: text/plain
"dm" == Dan Marner <dmarner@mis.nu.edu> writes:
dm> I would appreciate any pointers to documents, source code or
dm> programs that deal with using cryptographic techniques to detect
dm> or prevent modification of executable code. I am looking for
dm> something that uses either a signature or a one-way hash to detect
dm> modifications at run time.
dm> Of particular interest is information on signing a file that
dm> includes the signature as part of the file. Is this possible with
dm> any of the common algorithms?
Claris has or had some checks in their software to attempt to
recognize that the application had been modified. I think this even
detected a (previously unknown?) Macintosh virus.
Regardless, this scheme seems rather susceptible to attack. More
useful is something like tripwire--a regularly run program which keeps
checksums of various files on disk; stores the checksums on apart from
the data; and compares the previous checksum with the current
checksum.
michael
Return to July 1994
Return to “rarachel@prism.poly.edu (Arsen Ray Arachelian)”