-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have been an active user of many different encryption software products available to general public, but have not yet seen a good solution for checking the software's integrity before or during use, or at start up of the software. I am refering to a test that can prevent the software being subversed, changed, manipulated by a virus or otherwise, or at least inform thr user that such an attack has taken place. Has anybody seen a good solution or idea for this anywhere? .-.-.ENCRYPT YOUR EMAIL TO ME.-.-. Find my key in these Public Key Servers: keyserver.veridis.com, wwwkeys.de.pgp.net, wwwkeys.us.pgp.net, blackhole.pca.dfn.de, pgp.mit.edu, pgp.uni-mainz.de, pgp.nic.ad.jp, keyserver.noreply.org My Key ID: 0x5BE7D95D Fingerprint: AB05 0E7B C22B F14F 7512 7027 A26C AAE3 5BE7 D95D -----BEGIN PGP SIGNATURE----- Version: N/A iQIVAwUBQraKcKJsquNb59ldAQLUBw/+Jiw3ZSAaTyDmV1DO8rhe/lsOrAXJu3Sv Fe6U1zvZrLpLiOpTpEW2qW9D26DK6kcJKMFwsCEq9T56AM0/5Ua5eCIo+/1AuhuF ZjOpttx2qQfcyJMjQBp3qWyC1aodzZxFCw5WDcOFo7aSidbl9AEl7MyYHG0MGnoR /I/GOxOfSUSpJIew24o8xb+XtTsUUcjgB3YfF/95aPIdygd3u8Tm+aUSiENoLhzv yIEYjCHKDOe+RxmRzQJZD7FzmJNr0M66S2rm0vMFXCdsSPFqLS1F9eVIpIHx7z0g dzSGgLEF91QK5joEPmed5mDbwjXWyvFBFBcAA3rgdofiCqRB4iVZyYVw2wEef2Ep 5fZWgNHgOCQcgvyLq2c/rmVCaZoKs618wR2sgI8Zf5r2j3yd6KC3t3zH+j8jb+YT IQ2lCeprtakuUTpSYSN6+sNNqSLlzcaRhQJx9En4IyC1G3gUcwSI9iLhA2/kE8f6 adclzCXlZ2PnUIjr7o3WpKPfvW6dEvRu/N3DfEATOZc8MjTJPhNQttPMluqxtNYJ V+v2Mik3m/8vpwHrpA61FXbXk6hrnVT0YgMJHmgSDr3UFLnFmUBxYzKWn6B4+775 Iw050Uxtu0ddPYIseRg9kik7GfOK7+O9HxiWN4dZvWOaw8YeupFEEAZPgALsfPSN FtvhDyV8EYs= =UClf -----END PGP SIGNATURE-----
Is this any good? MD5 Checksum 1.04 This is a small Win32 application which is able to calculate the MD5 digest (some kind of a secure checksum) of the content of any file. You can use this tool to ensure that the content of a file wasn't altered in any way. If e.g. someone tries to insert malicious code into an executable file its MD5 checksum will change and you note that something is wrong. Now with a complete HTML help system. Sourcecode included. http://maakus.dyndns.org/software.html Regards,
MD5 comes as standard with any openssl implementation - Linux, Cygwin, etc... MUCH easier than repairing a jumped on bassoon, Stephen (for the non-musicians, the joke is "What's the difference between a bassoon and a trampoline? ..... Nobody takes their shoes off to jump on a bassoon") Sorry - I'll get me coat.....
YOu cannot. You can check that your particular implimentation is the same as it was (md5, tripwire, sha256,....) but to test that an encryption product really is secure can only be done by reading the source code, compiling against test vectors (randomly generated) and replacing the encryption code and key generation code with known good stuff. The whole purpose of even weak crypto is that the output is a random stream. People have shown for example that with RSA one can encode the key pair into the output in such a way that it is undiscoverable by anyone except someone who knows how it was done. The only way you could discover it is by looking at the source code, and recompiling the source code yourself on a safe compiler.
??? integrity master can certainly be found at http://www.stiller.com, however it is made by wolfgang stiller, not zvi netiv...
Sorry, my apologies to Mr. Stiller - I'd (obviously mistakenly) thought that Zvi Netiv was the original developer.
