[Aide] security question

Rick van Rein rick at openfortress.nl
Mon Jun 25 13:14:17 EEST 2007


Hello Andy,

> - put the aide binary and the configuration files for each machine on a 
> floppy disk, which I'll set as read only.

Good idea.  Floppy disks are immensely useful because AFAIK their
write protection is hardware-enforced.  Of course there is a need to
trust in your OS kernel which mounts the floppy.

Using statically bound binaries is definitely an important idea.

> Is this safe? I assume it is, but I don't know the state of play with 
> people trying to break md5sum, and maybe there's something else I 
> haven't thought of.

In general, MD5 is not advised for security use.  Nor is SHA1.  Common
practice is now to use SHA256.

MD5 may actually be fine in the app you have in mind, but I'd advise you
to avoid getting bogged down at this level of detail on hashes, but to
just pick a modern checksum.


Cheers,

Rick van Rein,
Cryptographer
OpenFortress Digital signatures
http://openfortress.nl/

