Creating File Hash

rpk2006

Technical User
Apr 24, 2002
Hi,

In my program, I generate the Hash Value of my MDB file with a Hash Algorithm. And, when the program starts, I check this value to check any modifications.

Now, the problem is, where to store the Hash Value which is generated during program exit?

Will it be suitable to store it in a table in the MDB file, or in a text file, so that nobody can tamper with this Hash value?

There is always a new solution for the same problem.

Anonymous
 
Yeah, I store hashes and check before running things like Winsock or Eudora, it takes about a second. Most of the time is given back as the code about to be launched is now in the disk cache.

I just leave the hashes in a text file on the grounds that no one else is doing this and so hackers are not likely to be looking for it. I know "sec by obsc.", but at the moment it is more than enough.


It is very much more than enough to defeat any worm that tries to alter, e.g. Winsock.dll, as no worm is looking for defenses (yet).

Suppose you are in a very vulnerable environment (MIT or NSA).

You could make a chunk of disk encrypted and leave them there. Then you use another password to get at them.

You could put the hash values on a net and then you are as secure as your login.

You could put the hash values in the empty tail space of any file, say command.com, empty space due to clustering. That works as long as someone does not move the file (grin).

If you are doing hashes you could simply handle the encryption yourself. On logon ask for another password and decrypt in place, send the results to a RAM disk to make sure they evaporate on power off.

The bottom line is that Worms are not now looking for hash defense mechanisms. To protect against worm traces you do not now need to protect the hash signatures.

If you are concerned about inhouse hackers, you need more defense levels.

The pick of the litters:

Commercial: F-secure FileCrypto.

Free: Scramdisk

Used to be free but they went for the gelt and the scramdisk.clara.net is now no good.

The source is open. You can still pick up binaries by Googling "ScramDisk Download"

example:
 
Some years ago I wrote a Program which I sold. To protect the software from Viruses and to prevent illegal Copying I put a Hash on it. The Hash was stored in the configuration Data file, which was protected by a Hash too.
To set up the Hash for the first time I had a small program to do this Job. This software was not delivered with the Software-CD. The Hash is checked during Program initialization, and for Virus Detection it worked in two cases.

hnd
hasso55@yahoo.com

 
Yes, the technique is fine, the original was Quarantine, from OnDisk software, April 1988, when the only other anti-v processes were Dr. Skulason's F-Prot and David Chess' pattern scanners. Q got some awards as did the others.

By 1990 Quarantine could also check files periodically in a circular list, or stochastically when they were used (not every time) or check across a net, even automatically quarantine and replace affected files or even restore from encrypted, compressed archives, or alert with NetSends.

In 1990 it was the only mechanism that recognized a problem with the first stealth virus, U. Toronto, August if memory serves.

In many ways it was more advanced than the current Tripwire cloneware offering. That happens a lot with cloneware.
 
Depending on how API savvy you are, you may just want to store the hash value in the Registry. Just add a key and put the hash in it. You can read the key each time you open the file. It requires a couple of Win32API calls, and you would have to pick a hive that makes sense, but it is not very difficult to do.

That is the "Microsoft" way of doing things.

pansophic
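
An added example, not code from any poster in this thread: one way to make the stored value safe to keep in a plain text file is to replace the bare hash with an HMAC keyed from the "another password" idea mentioned above, so a record cannot be recomputed without that password. The function names, file names, password and PBKDF2 work factor are assumptions chosen for illustration.

```python
import hashlib
import hmac
import json
import os
import tempfile

def derive_key(password, salt):
    # 200_000 PBKDF2 rounds is an assumed work factor
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def file_tag(path, key):
    mac = hmac.new(key, digestmod=hashlib.sha256)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            mac.update(chunk)
    return mac.hexdigest()

def seal(path, password, record_path):  # run at program exit
    salt = os.urandom(16)
    record = {"salt": salt.hex(), "tag": file_tag(path, derive_key(password, salt))}
    with open(record_path, "w") as fh:
        json.dump(record, fh)
    return record

def verify(path, password, record_path):  # run at program start
    try:
        with open(record_path) as fh:
            record = json.load(fh)
        key = derive_key(password, bytes.fromhex(record["salt"]))
        return hmac.compare_digest(file_tag(path, key), record["tag"])
    except (OSError, ValueError, KeyError, TypeError):
        return False  # a missing or malformed record is treated as tampering

def demo():
    """Constructed sample data: seal, verify, modify, re-check."""
    with tempfile.TemporaryDirectory() as d:
        db, rec = os.path.join(d, "sample.mdb"), os.path.join(d, "sample.tag")
        with open(db, "wb") as fh:
            fh.write(b"constructed stand-in for the MDB contents")
        record = seal(db, "second password", rec)
        clean = verify(db, "second password", rec)
        data = b"constructed stand-in, modified"
        with open(db, "wb") as fh:
            fh.write(data)
        record["tag"] = hashlib.sha256(data).hexdigest()  # unkeyed hash
        with open(rec, "w") as fh:  # record rewritten without the password
            json.dump(record, fh)
        return clean, verify(db, "second password", rec)
```

The check only holds if the password is entered at run time rather than embedded in the program. It does not detect someone restoring an older file together with its older matching record.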
 