1 |
On Thu, Mar 25, 2004 at 05:35:09PM +0000, Tom Hosiawa wrote: |
2 |
> What's the difference between tripwire's file signature's, and portage's |
3 |
> md5sum's and mtime's? |
4 |
> |
5 |
> Tom |
6 |
> |
7 |
> |
8 |
> -- |
9 |
> gentoo-security@g.o mailing list |
10 |
> |
11 |
md5sums and mtimes in the portage database can be changed by an |
12 |
attacker. Tripwire's signature is encrypted with a password (actually |
13 |
with a public/private key encryption method, afaik), so the attacker can |
14 |
not change it. |
15 |
|
16 |
-- |
17 |
Michel Wilson michel@×××××××.net |
18 |
PGP key ID 0xD2CB4B7E |