Results 1 - 10 of 32
The design and implementation of Tripwire: A file system integrity checker
In Proceedings of the 2nd ACM Conference on Computer and Communications Security, 1994
Cited by 207 (7 self)
At the heart of most computer systems is a file system. The file system contains user data, executable programs, configuration and authorization information, and (usually) the base executable version of the operating system itself. The ability to monitor file systems for unauthorized or unexpected changes gives system administrators valuable data for protecting and maintaining their systems. However, in environments of many networked heterogeneous platforms with different policies and software, the task of monitoring changes becomes quite daunting. Tripwire is a tool that aids UNIX system administrators and users in monitoring a designated set of files and directories for any changes. Used with system files on a regular (e.g., daily) basis, Tripwire can notify system administrators of corrupted or altered files, so corrective actions may be taken in a timely manner. Tripwire may also be used on user or group files or databases to signal changes. This paper describes the design and implementation of the Tripwire tool. It uses interchangeable "signature" routines to identify changes in files, and is highly configurable. Tripwire is no-cost software, available on the Internet, and is currently in use on thousands of machines around the world.
Experiences with Tripwire: Using Integrity Checkers for Intrusion Detection
1994
Cited by 68 (2 self)
Tripwire is an integrity checking program written for the UNIX environment. It gives system administrators the ability to monitor file systems for added, deleted, and modified files. Intended to aid intrusion detection, Tripwire was officially released on November 2, 1992. It is being actively used at thousands of sites around the world. Published in volume 26 of comp.sources.unix on the USENET and archived at numerous FTP sites around the world, Tripwire is widely available and widely distributed. It is recommended by various computer security response teams, including the CERT and CIAC. This paper begins by motivating the need for an integrity checker by presenting a hypothetical situation any system administrator could face. An overview of Tripwire is then described, emphasizing the salient aspects of Tripwire configuration that supports its use at sites employing modern variants of the UNIX operating system. Experiences with how Tripwire has been used “in the field” are then presented, along with some conjectures on the prevalence and extent of system break-ins. Novel uses of Tripwire and notable configurations of Tripwire are also presented.
Near-Collisions of SHA-0
2004
Cited by 64 (0 self)
In this paper we find two near-collisions of the full compression function of SHA-0, in which up to 142 of the 160 bits of the output are equal. We also find many full collisions of 65-round reduced SHA-0, which is a large improvement to the best previous result of 35 rounds. We use
HAVAL - A One-Way Hashing Algorithm with Variable Length of Output
1993
Cited by 52 (17 self)
A one-way hashing algorithm is a deterministic algorithm that compresses an arbitrary long message into a value of specified length. The output value represents the fingerprint or digest of the message. A cryptographically useful property of a one-way hashing algorithm is that it is infeasible to find two distinct messages that have the same fingerprint. This paper proposes a one-way hashing algorithm called HAVAL. HAVAL compresses a message of arbitrary length into a fingerprint of 128, 160, 192, 224 or 256 bits. In addition, HAVAL has a parameter that controls the number of passes a message block (of 1024 bits) is processed. A message block can be processed in 3, 4 or 5 passes. By combining output length with pass, we can provide fifteen (15) choices for practical applications where different levels of security are required. The algorithm is very efficient and particularly suited for 32-bit computers which predominate the current workstation market. Experiments show that HAVAL is 60%...
Cryptographic Hash Functions: A Survey
1995
Cited by 37 (7 self)
This paper gives a survey on cryptographic hash functions. It gives an overview of all types of hash functions and reviews design principles and possible methods of attacks. It also focuses on keyed hash functions and provides the applications, requirements, and constructions of keyed hash functions.
Tiger: A Fast New Hash Function
Fast Software Encryption, Third International Workshop Proceedings, 1996
Cited by 30 (1 self)
Among those cryptographic hash functions which are not based on block ciphers, MD4 and Snefru seemed initially quite attractive for applications requiring fast software hashing. However collisions for Snefru were found in 1990, and recently a collision of MD4 was also found. This casts doubt on how long these functions' variants, such as RIPEMD, MD5, SHA, SHA-1 and Snefru-8, will remain unbroken. Furthermore, all these functions were designed for 32-bit processors, and cannot be implemented efficiently on the new generation of 64-bit processors such as the DEC Alpha. We therefore present a new hash function which we believe to be secure; it is designed to run quickly on 64-bit processors, without being too slow on existing machines.
Constructing symmetric ciphers using the CAST design procedure
Designs, Codes, and Cryptography, 1997
Cited by 21 (1 self)
This paper describes the CAST design procedure for constructing a family of DES-like Substitution-Permutation Network (SPN) cryptosystems which appear to have good resistance to differential cryptanalysis, linear cryptanalysis, and related-key cryptanalysis, along with a number of other desirable cryptographic properties. Details of the design choices in the procedure are given, including those regarding the component substitution boxes (s-boxes), the overall framework, the key schedule, and the round function. An example CAST cipher, an output of this design procedure, is presented as an aid to understanding the concepts and to encourage detailed analysis by the cryptologic community.
A Framework for the Design of One-Way Hash Functions Including Cryptanalysis of Damgård’s One-Way Function Based on a Cellular Automaton
Advances in Cryptology - ASIACRYPT '91, Lecture Notes in Computer Science, 1993
Cited by 16 (2 self)
At Crypto ’89 Ivan Damgård [1] presented a method that allows one to construct a computationally collision free hash function that has provably the same level of security as the computationally collision free function with input of constant length that it is based upon. He also gave three examples of collision free functions to use in this construction. For two of these examples collisions have been found [2] [3], and the third one is attacked in this paper. Furthermore it is argued that his construction and proof, in spite of their theoretical importance, encourage inefficient designs in the case of practical hash functions. A framework is presented for the direct design of collision free hash functions. Finally a concrete proposal is presented named Cellhash.
Second preimages on n-bit hash functions for much less than 2^n work
Cited by 15 (3 self)
We expand a previous result of Dean [Dea99] to provide a second preimage attack on all n-bit iterated hash functions with Damgård-Merkle strengthening and n-bit intermediate states, allowing a second preimage to be found for a 2^k-message-block message with about k × 2^(n/2+1) + 2^(n−k+1) work. Using RIPEMD-160 as an example, our attack can find a second preimage for a 2^60 byte message in about 2^106 work, rather than the previously expected 2^160 work. We also provide slightly cheaper ways to find multicollisions than the method of Joux [Jou04]. Both of these results are based on expandable messages–patterns for producing messages of varying length, which all collide on the intermediate hash result immediately after processing the message. We provide an algorithm for finding expandable messages for any n-bit hash function built using the Damgård-Merkle construction, which requires only a small multiple of the work done to find a single collision in the hash function.
Identity-based cryptography standard (IBCS) #1: Supersingular curve implementations of the BF and BB1 cryptosystems
IETF RFC 5091, 2007
Cited by 13 (0 self)
This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited. IESG Note This document specifies two mathematical algorithms for identity based encryption (IBE). Due to its specialized nature, this document experienced limited review within the IETF. Readers of this RFC should carefully evaluate its value for implementation and deployment. This document describes the algorithms that implement Boneh-Franklin (BF) and Boneh-Boyen (BB1) Identity-based Encryption. This document is in part based on IBCS #1 v2 of Voltage Security’s Identity-based Cryptography Standards (IBCS) documents, from which some irrelevant