Hi, all. There's been a new release of integrit that includes
changes from two developers, Chris Johns and Yuri D'Elia.
Thanks very much to these two for helping to keep integrit
simple, stable, and useful.
It occurs to me to mention on this happy occasion that
a helpful goal for the next integrit release is the removal
of the use of md5 in integrit.
The md5 algorithm has been pretty thoroughly broken
within the past year or two, and so using SHA1 exclusively
would be a good move.
Here are the changes for 3.05.
3.05 changes:
Document Chris Johns changes and update Makefile targets
for developers.
3.04 changes: Applied patches from Yuri D'Elia:
- configure.in: Added some checks whether -static (or other flags)
can be used. Under at least OSX (and possibly open darwin) -static
cannot be used. This patch fixes the build on those systems.
- elcwft.c: reorganized the walk loop. Ignored directories are now
_really_ ignored (that is, no more "cannot open directory").
- gnupg/md5.c: fixed broken macro for big endian systems under
certain compilers.
- other fixes: Assume checksums to be unsigned char as required by
gnupg/* (eliminates a dozen warnings).
Changes from Chris Johns:
Remove the "filetype" change type, and replace it with a new "type"
inode change. So now integrit keeps the S_IFMT mode bits, in the same
way as the permission bits from the file mode, and hence any change to
file type gets flagged in the "stat" change type.
Add a new "devicetype" element in the "stat" change type, to detect when
a character or block special file changes major/minor number.
Finally, treat symbolic links similarly to regular files, in that integrit
computes an SHA-1 checksum for them, but not for the file contents, but
rather for the name in the symlink (using readlink()). Then, if a file
remains a symlink, but points to a different target, that's flagged as an
"SHA-1" change to the file.
Note that the database itself is not affected by this change, since it
contains a 'struct stat' and an SHA-1 checksum string already. The code
simply uses the existing database contents differently now.
-- 
Ed L. Cashin <ec...@no...>
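
The symlink and file-type handling described in the 3.04 notes, sketched as an added Python example (not integrit's code, which is C). The function names, record layout and change labels are assumptions made here, and the files are constructed in a temporary directory.

```python
import hashlib, os, stat, tempfile

def snapshot(path):
    """Record type bits, permission bits, device numbers and SHA-1 for one path."""
    st = os.lstat(path)                      # lstat describes the link itself
    rec = {"type": stat.S_IFMT(st.st_mode),  # S_IFMT file-type bits
           "perms": stat.S_IMODE(st.st_mode),
           "rdev": None, "sha1": None}
    if stat.S_ISCHR(st.st_mode) or stat.S_ISBLK(st.st_mode):
        rec["rdev"] = (os.major(st.st_rdev), os.minor(st.st_rdev))
    elif stat.S_ISLNK(st.st_mode):
        # Hash the link target name from readlink(), not the file it points to.
        rec["sha1"] = hashlib.sha1(os.fsencode(os.readlink(path))).hexdigest()
    elif stat.S_ISREG(st.st_mode):
        with open(path, "rb") as f:
            rec["sha1"] = hashlib.sha1(f.read()).hexdigest()
    return rec

def diff(old, new):
    """Return hypothetical change labels for two snapshots of the same path."""
    labels = (("type", "stat(type)"), ("perms", "stat(perms)"),
              ("rdev", "stat(devicetype)"), ("sha1", "SHA-1"))
    return [label for key, label in labels if old[key] != new[key]]

def demo():
    """Constructed scenario: retarget a symlink, then swap it for a regular file."""
    with tempfile.TemporaryDirectory() as d:
        a, b, link = (os.path.join(d, n) for n in ("a", "b", "link"))
        for p in (a, b):
            with open(p, "w") as f:
                f.write("same contents\n")   # identical contents on purpose
        os.symlink(a, link)
        before = snapshot(link)
        os.remove(link)
        os.symlink(b, link)                  # still a symlink, new target
        retargeted = diff(before, snapshot(link))
        os.remove(link)
        with open(link, "w") as f:           # same name, now a regular file
            f.write("same contents\n")
        replaced = diff(before, snapshot(link))
    return retargeted, replaced

if __name__ == "__main__":
    print(demo())
```

Because the two target files hold identical contents, a checker that followed the link and hashed the contents would report nothing when the link is retargeted; hashing the readlink() name is what surfaces it.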