From: | Tom Hosiawa <tomek32@××××××.com> | ||
---|---|---|---|
To: | gentoo-security@l.g.o | ||
Subject: | Re: [gentoo-security] tripwire policy generator | ||
Date: | Thu, 25 Mar 2004 22:50:11 | ||
Message-Id: | 1080236970.10506.11.camel@newton.tomek.ca | ||
In Reply to: | Re: [gentoo-security] tripwire policy generator by Michel Wilson |
1 | > md5sums and mtimes in the portage database can be changed by an |
2 | > attacker. Tripwire's signature is encrypted with a password (actually |
3 | > with a public/private key encryption method, afaik), so the attacker can |
4 | > not change it. |
5 | |
6 | Yes, but does it also create it own md5sum or does it use something else |
7 | for the file signature? |
8 | |
9 | Tom |
10 | |
11 | |
12 | -- |
13 | gentoo-security@g.o mailing list |
Subject | Author |
---|---|
Re: [gentoo-security] tripwire policy generator | Michel Wilson <michel@×××××××.net> |