MD5 Checksum, Updated
The following is Lorna's update from her diary yesterday:
This update is in response to many emails from the user community about the entry regarding using MD5 checksums. Thanks for writing in and sharing your thoughts!! Many people question the need for using MD5 checksums since a hacker can modify the checksum as well. I don't disagree at all; however, measures can and should be taken to protect the location where the MD5 checksum is stored so they at least have to work for it. However, the responses that we received enforced the point I was trying to make. Most folks aren't checking them, so why should a hacker go through the trouble of modifying them? We only got one response telling us the hash was wrong for the latest update; maybe only one person downloaded it since we updated it, and maybe others simply did not respond about it. However, if a hacker has modified the file but did not modify the checksum, it may save you much pain and confusion if you spot this early. One step farther: if YOU don't know what the checksum is for the file you're providing, how do you know it's not been modified? It wouldn't take much to write a script that checks the values of the MD5 checksums against known good values and ensures they have not been changed or, better yet, store them on another server. Keep a copy of the valid checksums on separate media or burn them onto a CD so you know what the valid hash should be. The MD5 checksum is NOT meant to be a single solution to the problem, but it is a tool that should be part of your security regime.
As a secondary note, we have had questions about what to use to do an MD5 checksum on Windows. I personally use MD5sum.exe on my Windows systems. A quick search on Google will also point at others that are available. Once again, thanks for all the emails.
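A Python sketch of the kind of script Lorna describes, added here as an example and not part of the original diary or any ISC tooling. It assumes the known-good checksums are kept in md5sum's output format in a manifest stored away from the published directory; the function names, status labels and the script name `verify_md5.py` are illustrative.

```python
import hashlib
import re
import sys
from pathlib import Path

LINE = re.compile(r"([0-9a-fA-F]{32}) [ *](.+)")  # md5sum output format

def md5_of(path, chunk_size=65536):
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        # Read in chunks so large downloads do not fill memory.
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def parse_manifest(text):
    """Map file name -> expected hex digest; reject malformed lines."""
    known = {}
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        match = LINE.fullmatch(line)
        if match is None:
            raise ValueError(f"malformed manifest line: {line!r}")
        known[match.group(2)] = match.group(1).lower()
    return known

def verify(manifest_text, published_dir):
    """Return {name: 'OK' | 'MISMATCH' | 'MISSING' | 'UNLISTED'}."""
    known = parse_manifest(manifest_text)
    root, results = Path(published_dir), {}
    for name, expected in known.items():
        target = root / name
        if not target.is_file():
            results[name] = "MISSING"
        else:
            results[name] = "OK" if md5_of(target) == expected else "MISMATCH"
    # A published file with no recorded checksum also deserves a look.
    for path in root.iterdir():
        if path.is_file() and path.name not in known:
            results[path.name] = "UNLISTED"
    return results

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: verify_md5.py <manifest kept off the server> <published dir>")
    report = verify(Path(sys.argv[1]).read_text(), sys.argv[2])
    for name, status in sorted(report.items()):
        print(f"{status:9} {name}")
    sys.exit(0 if set(report.values()) <= {"OK"} else 1)
```

The non-zero exit status on anything other than all-OK lets a scheduled job raise an alert when a published file changes, disappears, or appears without a recorded checksum.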
MD5 Checksum Tools
For those asking us about tools to check MD5 checksums on Windows, here is a small list of such applications:
- md5sum.exe - from http://www.etree.org/md5com.html
- Unixtools - http://unxutils.sourceforge.net
- md5summer - http://www.md5summer.org
We received some questions from users about the authorities referenced by Lorna in yesterday's diary.
When we receive such reports, we notify a security contact at the ISP that was providing network access and their upstream ISP.
We provided portions of the information that we receive as evidence of AUP violation, but always preserving the privacy of user
Once again, thanks for all reports!
Handler on Duty: Pedro Bueno (pbueno /AT/ isc.sans.org )
Oct 4th 2004