I'm working on a solution and one of the features is to check that some files have not been tampered in other words hacked. I was planning on using the MD5 sum with a mixture of created and modified dates, but wanted to see if anybody has done something like this before. I'm using C# at the moment but you could suggest any other language. I just want to hear the technique part of it or architecture.
Asked
Active
Viewed 2,290 times
0
-
Is the application checking it's OWN files or are you writing an audit tool that checks the MD5 of other applications? – NotMe Sep 14 '11 at 18:58
-
2Don't depend on any one single hash. MD5 is relatively trivial to forge these days, and your file could be completely different and yet come out with the same hash. use multiple different hashes (sha1, sha256, md5, etc...). The odds of someone finding a file that produces the same hash in all as your original file are so close to zero as to BE zero. – Marc B Sep 14 '11 at 18:59
-
Other applications and also check for code injection. Like an anti cheat system of sorts. – Michael D. Irizarry Sep 14 '11 at 19:00
1 Answers
3
We have an application that checks file validity for safety reasons. The CRC32 checksums are stored in a separate file using a simple dictionary lookup. Which of CRC32, MD5, or any other hashing/checksumming feature is purely choice: you simply need to know if the file has changed (at least that's what you've said). As each byte of the file is included in the calculation, any changes will be picked up, including simple swapping of bytes.
Don't use file dates: too unreliable and can be easily changed.
GeoffM
- 1,603
- 5
- 22
- 34
-
This isn't entirely true. Small changes will probably be picked up, but there are changes which will preserve any particular hash algorithm you choose. It is definitely not the case that "any changes will be picked up." https://en.wikipedia.org/wiki/Hash_collision – deaton.dg May 21 '21 at 22:49