Gentoo Archives: gentoo-security

From: Michel Wilson <michel@×××××××.net>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] tripwire policy generator
Date: Thu, 25 Mar 2004 22:43:09
Message-Id: 20040325224253.GA25694@aeon.hgd.net
In Reply to: Re: [gentoo-security] tripwire policy generator by Tom Hosiawa
1 On Thu, Mar 25, 2004 at 05:35:09PM +0000, Tom Hosiawa wrote:
2 > What's the difference between tripwire's file signature's, and portage's
3 > md5sum's and mtime's?
4 >
5 > Tom
6 >
7 >
8 > --
9 > gentoo-security@g.o mailing list
10 >
11 md5sums and mtimes in the portage database can be changed by an
12 attacker. Tripwire's signature is encrypted with a password (actually
13 with a public/private key encryption method, afaik), so the attacker can
14 not change it.
15
16 --
17 Michel Wilson michel@×××××××.net
18 PGP key ID 0xD2CB4B7E

Replies

Subject Author
Re: [gentoo-security] tripwire policy generator Tom Hosiawa <tomek32@××××××.com>