[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Request: tamper-proofing executables



"dm" == Dan Marner <[email protected]> writes:

dm>    I would appreciate any pointers to documents, source code or
dm> programs that deal with using cryptographic techniques to detect
dm> or prevent modification of executable code. I am looking for 
dm> something that uses either a signature or a one-way hash to detect
dm> modifications at run time. 
dm>    Of particular interest is information on signing a file that
dm> includes the signature as part of the file. Is this possible with
dm> any of the common algorithms?
  Claris has or had some checks in their software to attempt to
recognize that the application had been modified. I think this even
detected a (previously unknown?) Macintosh virus.

  Regardless, this scheme seems rather susceptible to attack. More
useful is something like tripwire--a regularly run program which keeps
checksums of various files on disk; stores the checksums on apart from
the data; and compares the previous checksum with the current
checksum.

michael