MD5 (was Re: Antivirus software will ignore FBI spyware:solutions)

Steven Furlong sfurlong at acmenet.net
Mon Dec 3 12:19:01 PST 2001


Gil Hamilton wrote:
> 
> Karsten Self writes:
> >Defeat:  create a log buffer file of fixed size, logged activity changes
> >its contents, but not the size of the file.  E.g.:  a filesystem image
> >file under GNU/Linux.  Techniques could be used to maintain a constant
> >global MD5 checksum to defeat other detection attempts.
> 
> What techniques could be used to do this?  MD5 has some weaknesses,
> but creating collisions still is not trivial.  Unless you know
> something I don't.

I interpreted that not as working around MD5, but as working around the
procedure which would use MD5 to get a single number for an entire file
system.

Example: mark the logging software's keylog file as a device file, which
wouldn't be processed by the file system checksum procedure. When the
logger needs to write to its log, the file type is changed to "ordinary"
and then back to "device" again.


-- 
Steve Furlong, Computer Condottiere     Have GNU, will travel
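
A defender's view of the gap described in this message, as an added example that is not part of the original post: an integrity baseline that records every entry's file type, so a non-regular entry is reported instead of silently skipped. SHA-256 is used here in place of MD5; the function names, the sample file and the FIFO standing in for a device node (creating one needs root) are assumptions.

```python
import hashlib, os, stat, tempfile

KINDS = {stat.S_IFREG: "regular", stat.S_IFDIR: "directory", stat.S_IFLNK: "symlink",
         stat.S_IFCHR: "char-device", stat.S_IFBLK: "block-device",
         stat.S_IFIFO: "fifo", stat.S_IFSOCK: "socket"}

def snapshot(root):
    """Map each path under root to (file type, SHA-256 hex digest or None)."""
    snap = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode  # lstat: describe the entry itself, not a link target
            digest = None
            if stat.S_ISREG(mode):  # only regular files have contents to hash
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            snap[os.path.relpath(path, root)] = (KINDS.get(stat.S_IFMT(mode), "unknown"), digest)
    return snap

def compare(old, new):
    """Report added/removed entries, file-type changes and content changes."""
    findings = []
    for path in sorted(set(old) | set(new)):
        o, n = old.get(path), new.get(path)
        if o is None or n is None:
            findings.append((path, "added" if o is None else "removed"))
        elif o[0] != n[0]:
            findings.append((path, f"type {o[0]} -> {n[0]}"))
        elif o[1] != n[1]:
            findings.append((path, "content changed"))
    return findings

def unhashed(snap):
    """Entries a content checksum never covers; review any that are not expected."""
    return sorted(p for p, (kind, _) in snap.items() if kind not in ("regular", "directory"))

def demo():
    # Constructed sample: a regular file is baselined, then replaced by a non-regular entry.
    with tempfile.TemporaryDirectory() as root:
        path = os.path.join(root, "cache.dat")
        with open(path, "wb") as fh:
            fh.write(b"constructed sample contents")
        before = snapshot(root)
        os.remove(path)
        os.mkfifo(path)  # assumption: FIFO stands in for a device node (mknod needs root)
        after = snapshot(root)
        return compare(before, after), unhashed(after)

if __name__ == "__main__":
    print(demo())
```

If the type is only flipped to "ordinary" during writes, two snapshots can both see the non-regular type, so the `unhashed()` listing is the check that still surfaces the entry.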




