Encryption software integrity test

Discussion in 'Computer Security' started by Yoy G0, Jun 20, 2005.

  1. Yoy G0

    Yoy G0 Guest

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I have been an active user of many different encryption software
    products available to general public, but have not yet seen a good
    solution for checking the software's integrity before or during use,
    or at start up of the software. I am refering to a test that can
    prevent the software being subversed, changed, manipulated by a virus
    or otherwise, or at least inform thr user that such an attack has
    taken place.

    Has anybody seen a good solution or idea for this anywhere?

    .-.-.ENCRYPT YOUR EMAIL TO ME.-.-.

    Find my key in these Public Key Servers: keyserver.veridis.com,
    wwwkeys.de.pgp.net, wwwkeys.us.pgp.net, blackhole.pca.dfn.de,
    pgp.mit.edu, pgp.uni-mainz.de, pgp.nic.ad.jp, keyserver.noreply.org

    My Key ID: 0x5BE7D95D
    Fingerprint: AB05 0E7B C22B F14F 7512 7027 A26C AAE3 5BE7 D95D

    -----BEGIN PGP SIGNATURE-----
    Version: N/A

    iQIVAwUBQraKcKJsquNb59ldAQLUBw/+Jiw3ZSAaTyDmV1DO8rhe/lsOrAXJu3Sv
    Fe6U1zvZrLpLiOpTpEW2qW9D26DK6kcJKMFwsCEq9T56AM0/5Ua5eCIo+/1AuhuF
    ZjOpttx2qQfcyJMjQBp3qWyC1aodzZxFCw5WDcOFo7aSidbl9AEl7MyYHG0MGnoR
    /I/GOxOfSUSpJIew24o8xb+XtTsUUcjgB3YfF/95aPIdygd3u8Tm+aUSiENoLhzv
    yIEYjCHKDOe+RxmRzQJZD7FzmJNr0M66S2rm0vMFXCdsSPFqLS1F9eVIpIHx7z0g
    dzSGgLEF91QK5joEPmed5mDbwjXWyvFBFBcAA3rgdofiCqRB4iVZyYVw2wEef2Ep
    5fZWgNHgOCQcgvyLq2c/rmVCaZoKs618wR2sgI8Zf5r2j3yd6KC3t3zH+j8jb+YT
    IQ2lCeprtakuUTpSYSN6+sNNqSLlzcaRhQJx9En4IyC1G3gUcwSI9iLhA2/kE8f6
    adclzCXlZ2PnUIjr7o3WpKPfvW6dEvRu/N3DfEATOZc8MjTJPhNQttPMluqxtNYJ
    V+v2Mik3m/8vpwHrpA61FXbXk6hrnVT0YgMJHmgSDr3UFLnFmUBxYzKWn6B4+775
    Iw050Uxtu0ddPYIseRg9kik7GfOK7+O9HxiWN4dZvWOaw8YeupFEEAZPgALsfPSN
    FtvhDyV8EYs=
    =UClf
    -----END PGP SIGNATURE-----
    Yoy G0, Jun 20, 2005
    #1
    1. Advertising

  2. Yoy G0

    Jim Byrd Guest

    Hi Yoy - See svi Netiv's Integrity Master here for one example:
    http://www.stiller.com/

    --
    Regards, Jim Byrd, MS-MVP
    My, Blog Defending Your Machine, here:
    http://defendingyourmachine.blogspot.com/

    "Yoy G0" <> wrote in message
    news:
    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > I have been an active user of many different encryption software
    > products available to general public, but have not yet seen a good
    > solution for checking the software's integrity before or during use,
    > or at start up of the software. I am refering to a test that can
    > prevent the software being subversed, changed, manipulated by a virus
    > or otherwise, or at least inform thr user that such an attack has
    > taken place.
    >
    > Has anybody seen a good solution or idea for this anywhere?
    >
    > -.-.ENCRYPT YOUR EMAIL TO ME.-.-.
    >
    > Find my key in these Public Key Servers: keyserver.veridis.com,
    > wwwkeys.de.pgp.net, wwwkeys.us.pgp.net, blackhole.pca.dfn.de,
    > pgp.mit.edu, pgp.uni-mainz.de, pgp.nic.ad.jp, keyserver.noreply.org
    >
    > My Key ID: 0x5BE7D95D
    > Fingerprint: AB05 0E7B C22B F14F 7512 7027 A26C AAE3 5BE7 D95D
    >
    > -----BEGIN PGP SIGNATURE-----
    > Version: N/A
    >
    > iQIVAwUBQraKcKJsquNb59ldAQLUBw/+Jiw3ZSAaTyDmV1DO8rhe/lsOrAXJu3Sv
    > Fe6U1zvZrLpLiOpTpEW2qW9D26DK6kcJKMFwsCEq9T56AM0/5Ua5eCIo+/1AuhuF
    > ZjOpttx2qQfcyJMjQBp3qWyC1aodzZxFCw5WDcOFo7aSidbl9AEl7MyYHG0MGnoR
    > /I/GOxOfSUSpJIew24o8xb+XtTsUUcjgB3YfF/95aPIdygd3u8Tm+aUSiENoLhzv
    > yIEYjCHKDOe+RxmRzQJZD7FzmJNr0M66S2rm0vMFXCdsSPFqLS1F9eVIpIHx7z0g
    > dzSGgLEF91QK5joEPmed5mDbwjXWyvFBFBcAA3rgdofiCqRB4iVZyYVw2wEef2Ep
    > 5fZWgNHgOCQcgvyLq2c/rmVCaZoKs618wR2sgI8Zf5r2j3yd6KC3t3zH+j8jb+YT
    > IQ2lCeprtakuUTpSYSN6+sNNqSLlzcaRhQJx9En4IyC1G3gUcwSI9iLhA2/kE8f6
    > adclzCXlZ2PnUIjr7o3WpKPfvW6dEvRu/N3DfEATOZc8MjTJPhNQttPMluqxtNYJ
    > V+v2Mik3m/8vpwHrpA61FXbXk6hrnVT0YgMJHmgSDr3UFLnFmUBxYzKWn6B4+775
    > Iw050Uxtu0ddPYIseRg9kik7GfOK7+O9HxiWN4dZvWOaw8YeupFEEAZPgALsfPSN
    > FtvhDyV8EYs=
    > =UClf
    > -----END PGP SIGNATURE-----
    Jim Byrd, Jun 20, 2005
    #2
    1. Advertising

  3. Yoy G0

    Jim Byrd Guest

    Sorry, should have been Zvi Netiv

    --
    Regards, Jim Byrd, MS-MVP
    My, Blog Defending Your Machine, here:
    http://defendingyourmachine.blogspot.com/

    "Jim Byrd" <> wrote in message
    news:
    > Hi Yoy - See svi Netiv's Integrity Master here for one example:
    > http://www.stiller.com/
    >
    >
    > "Yoy G0" <> wrote in message
    > news:
    >> -----BEGIN PGP SIGNED MESSAGE-----
    >> Hash: SHA1
    >>
    >> I have been an active user of many different encryption software
    >> products available to general public, but have not yet seen a good
    >> solution for checking the software's integrity before or during use,
    >> or at start up of the software. I am refering to a test that can
    >> prevent the software being subversed, changed, manipulated by a virus
    >> or otherwise, or at least inform thr user that such an attack has
    >> taken place.
    >>
    >> Has anybody seen a good solution or idea for this anywhere?
    >>
    >> -.-.ENCRYPT YOUR EMAIL TO ME.-.-.
    >>
    >> Find my key in these Public Key Servers: keyserver.veridis.com,
    >> wwwkeys.de.pgp.net, wwwkeys.us.pgp.net, blackhole.pca.dfn.de,
    >> pgp.mit.edu, pgp.uni-mainz.de, pgp.nic.ad.jp, keyserver.noreply.org
    >>
    >> My Key ID: 0x5BE7D95D
    >> Fingerprint: AB05 0E7B C22B F14F 7512 7027 A26C AAE3 5BE7 D95D
    >>
    >> -----BEGIN PGP SIGNATURE-----
    >> Version: N/A
    >>
    >> iQIVAwUBQraKcKJsquNb59ldAQLUBw/+Jiw3ZSAaTyDmV1DO8rhe/lsOrAXJu3Sv
    >> Fe6U1zvZrLpLiOpTpEW2qW9D26DK6kcJKMFwsCEq9T56AM0/5Ua5eCIo+/1AuhuF
    >> ZjOpttx2qQfcyJMjQBp3qWyC1aodzZxFCw5WDcOFo7aSidbl9AEl7MyYHG0MGnoR
    >> /I/GOxOfSUSpJIew24o8xb+XtTsUUcjgB3YfF/95aPIdygd3u8Tm+aUSiENoLhzv
    >> yIEYjCHKDOe+RxmRzQJZD7FzmJNr0M66S2rm0vMFXCdsSPFqLS1F9eVIpIHx7z0g
    >> dzSGgLEF91QK5joEPmed5mDbwjXWyvFBFBcAA3rgdofiCqRB4iVZyYVw2wEef2Ep
    >> 5fZWgNHgOCQcgvyLq2c/rmVCaZoKs618wR2sgI8Zf5r2j3yd6KC3t3zH+j8jb+YT
    >> IQ2lCeprtakuUTpSYSN6+sNNqSLlzcaRhQJx9En4IyC1G3gUcwSI9iLhA2/kE8f6
    >> adclzCXlZ2PnUIjr7o3WpKPfvW6dEvRu/N3DfEATOZc8MjTJPhNQttPMluqxtNYJ
    >> V+v2Mik3m/8vpwHrpA61FXbXk6hrnVT0YgMJHmgSDr3UFLnFmUBxYzKWn6B4+775
    >> Iw050Uxtu0ddPYIseRg9kik7GfOK7+O9HxiWN4dZvWOaw8YeupFEEAZPgALsfPSN
    >> FtvhDyV8EYs=
    >> =UClf
    >> -----END PGP SIGNATURE-----
    Jim Byrd, Jun 20, 2005
    #3
  4. Yoy G0

    Guest

    Yoy G0 wrote:
    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > I have been an active user of many different encryption software
    > products available to general public, but have not yet seen a good
    > solution for checking the software's integrity before or during use,
    > or at start up of the software. I am refering to a test that can
    > prevent the software being subversed, changed, manipulated by a virus
    > or otherwise, or at least inform thr user that such an attack has
    > taken place.
    >
    > Has anybody seen a good solution or idea for this anywhere?


    Yeah, I even have a patented install procedure

    1. Install/test as root
    2. Run as non-root

    ;-)

    Tom
    , Jun 20, 2005
    #4
  5. Yoy G0

    Tom McCune Guest


    > *** PGP SIGNATURE VERIFICATION ***
    > *** Status: Bad Signature from Invalid Key
    > *** Alert: Signature did not verify. Message has been altered.


    --
    Tom McCune
    My PGP Page & FAQ: http://www.McCune.cc/PGP.htm
    Tom McCune, Jun 20, 2005
    #5
  6. On Mon, 20 Jun 2005 08:48:23 -0700, Yoy G0 <> wrote:

    >-----BEGIN PGP SIGNED MESSAGE-----
    >Hash: SHA1
    >
    >I have been an active user of many different encryption software
    >products available to general public, but have not yet seen a good
    >solution for checking the software's integrity before or during use,
    >or at start up of the software. I am refering to a test that can
    >prevent the software being subversed, changed, manipulated by a virus
    >or otherwise, or at least inform thr user that such an attack has
    >taken place.
    >
    >Has anybody seen a good solution or idea for this anywhere?
    >

    Is this any good?

    MD5 Checksum 1.04

    This is a small Win32 application which is able to calculate the MD5
    digest (some kind of a secure checksum) of the content of any file.

    You can use this tool to ensure that the content of a file wasn't
    altered in any way. If e.g. someone tries to insert malicious code
    into an executable file its MD5 checksum will change and you note that
    something is wrong. Now with a complete HTML help system. Sourcecode
    included.

    http://maakus.dyndns.org/software.html

    Regards,



    --
    Stephen Howard - Woodwind repairs & period restorations
    www.shwoodwind.co.uk
    Emails to: showard{whoisat}shwoodwind{dot}co{dot}uk
    Stephen Howard, Jun 21, 2005
    #6
  7. Yoy G0

    Steve Welsh Guest

    MD5 comes as standard with any openssl implementation - Linux, Cygwin,
    etc...

    MUCH easier than repairing a jumped on bassoon, Stephen ;)

    (for the non-musicians, the joke is "What's the difference between a
    bassoon and a trampoline? ..... Nobody takes their shoes off to jump on
    a bassoon")

    Sorry - I'll get me coat.....

    Stephen Howard wrote:
    > On Mon, 20 Jun 2005 08:48:23 -0700, Yoy G0 <> wrote:
    >
    >
    >>-----BEGIN PGP SIGNED MESSAGE-----
    >>Hash: SHA1
    >>
    >>I have been an active user of many different encryption software
    >>products available to general public, but have not yet seen a good
    >>solution for checking the software's integrity before or during use,
    >>or at start up of the software. I am refering to a test that can
    >>prevent the software being subversed, changed, manipulated by a virus
    >>or otherwise, or at least inform thr user that such an attack has
    >>taken place.
    >>
    >>Has anybody seen a good solution or idea for this anywhere?
    >>

    >
    > Is this any good?
    >
    > MD5 Checksum 1.04
    >
    > This is a small Win32 application which is able to calculate the MD5
    > digest (some kind of a secure checksum) of the content of any file.
    >
    > You can use this tool to ensure that the content of a file wasn't
    > altered in any way. If e.g. someone tries to insert malicious code
    > into an executable file its MD5 checksum will change and you note that
    > something is wrong. Now with a complete HTML help system. Sourcecode
    > included.
    >
    > http://maakus.dyndns.org/software.html
    >
    > Regards,
    >
    >
    >
    Steve Welsh, Jun 22, 2005
    #7
  8. Yoy G0

    Unruh Guest

    >>>
    >>>I have been an active user of many different encryption software
    >>>products available to general public, but have not yet seen a good
    >>>solution for checking the software's integrity before or during use,
    >>>or at start up of the software. I am refering to a test that can
    >>>prevent the software being subversed, changed, manipulated by a virus
    >>>or otherwise, or at least inform thr user that such an attack has
    >>>taken place.


    YOu cannot. You can check that your particular implimentation is the same
    as it was (md5, tripwire, sha256,....) but to test that an encryption
    product really is secure can only be done by reading the source code,
    compiling against test vectors (randomly generated) and replacing the
    encryption code and key generation code with known good stuff. The whole
    purpose of even weak crypto is that the output is a random stream.
    People have shown for example that with RSA one can encode the key pair
    into the output in such a way that it is undiscoverable by anyone except
    someone who knows how it was done. The only way you could discover it is by
    looking at the source code, and recompiling the source code yourself on a
    safe compiler.


    >>
    >>
    Unruh, Jun 22, 2005
    #8
  9. Yoy G0

    kurt wismer Guest

    Jim Byrd wrote:
    > Hi Yoy - See svi Netiv's Integrity Master here for one example:
    > http://www.stiller.com/


    ??? integrity master can certainly be found at http://www.stiller.com,
    however it is made by wolfgang stiller, not zvi netiv...

    --
    "they threw a rope around yer neck to watch you dance the jig of death
    then left ya for the starvin' crows, hoverin' like hungry whores
    one flew down plucked out yer eye, the other he had in his sights
    ya snarled at him, said leave me be - i need the bugger so i can see"
    kurt wismer, Jun 22, 2005
    #9
  10. Yoy G0

    Jim Byrd Guest

    Sorry, my apologies to Mr. Stiller - I'd (obviously mistakenly) thought that
    Zvi Netiv was the original developer.

    --
    Regards, Jim Byrd, MS-MVP
    My, Blog Defending Your Machine, here:
    http://defendingyourmachine.blogspot.com/

    "kurt wismer" <> wrote in message
    news:Jr4ue.35707$
    > Jim Byrd wrote:
    >> Hi Yoy - See svi Netiv's Integrity Master here for one example:
    >> http://www.stiller.com/

    >
    > ??? integrity master can certainly be found at http://www.stiller.com,
    > however it is made by wolfgang stiller, not zvi netiv...
    Jim Byrd, Jun 22, 2005
    #10
  11. On Wed, 22 Jun 2005 00:46:17 +0100, Steve Welsh <>
    wrote:

    >MD5 comes as standard with any openssl implementation - Linux, Cygwin,
    >etc...
    >
    >MUCH easier than repairing a jumped on bassoon, Stephen ;)
    >
    >(for the non-musicians, the joke is "What's the difference between a
    >bassoon and a trampoline? ..... Nobody takes their shoes off to jump on
    >a bassoon")
    >
    >Sorry - I'll get me coat.....
    >
    >Stephen Howard wrote:
    >>
    >> Is this any good?
    >>
    >> MD5 Checksum 1.04
    >>
    >> This is a small Win32 application which is able to calculate the MD5
    >> digest (some kind of a secure checksum) of the content of any file.
    >>
    >> You can use this tool to ensure that the content of a file wasn't
    >> altered in any way. If e.g. someone tries to insert malicious code
    >> into an executable file its MD5 checksum will change and you note that
    >> something is wrong. Now with a complete HTML help system. Sourcecode
    >> included.
    >>
    >> http://maakus.dyndns.org/software.html
    >>


    Oooh, don't get me started....




    --
    Stephen Howard - Woodwind repairs & period restorations
    www.shwoodwind.co.uk
    Emails to: showard{whoisat}shwoodwind{dot}co{dot}uk
    Stephen Howard, Jun 22, 2005
    #11
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Martin Bilgrav
    Replies:
    2
    Views:
    392
    Martin Bilgrav
    Feb 14, 2004
  2. Guest

    test test test test test test test

    Guest, Jul 2, 2003, in forum: Computer Support
    Replies:
    2
    Views:
    892
    halfalifer
    Jul 2, 2003
  3. Gravel Rash

    Software to test CD-ROM integrity

    Gravel Rash, Jul 8, 2003, in forum: Computer Support
    Replies:
    3
    Views:
    2,990
  4. Rob Slade, doting grandpa of Ryan and Trevor

    REVIEW: "High Integrity Software", John Barnes

    Rob Slade, doting grandpa of Ryan and Trevor, Nov 3, 2003, in forum: Computer Security
    Replies:
    0
    Views:
    505
    Rob Slade, doting grandpa of Ryan and Trevor
    Nov 3, 2003
  5. =?iso-8859-1?Q?-=3D|__=28=BAL=BA=29__|=3D-____o=3D

    Which hard drive encryption program has the strongest tested encryption & security?

    =?iso-8859-1?Q?-=3D|__=28=BAL=BA=29__|=3D-____o=3D, Sep 24, 2004, in forum: Computer Security
    Replies:
    6
    Views:
    3,773
    Kornholio
    Feb 20, 2008
Loading...

Share This Page