adelman@LBL.ARPA (Kenneth Adelman) (08/06/87)
The LOGINOUT.EXE checksums likely differ from machine-to-machine because this image was patched as part of an upgrade. PATCH writes the date and time of the patch into the image, so you would expect no two patches of the same image to end up with the same two checksums. SHOW.EXE (probably) wasn't ever patched as part of an upgrade, hence the same checksum. Kenneth Adelman LBL
ted@MITRE-BEDFORD.ARPA (08/07/87)
In regards to LOGINOUT.EXE checksums; I *think* that there are different versions of LOGINOUT depending on the maximum number of logins that your system allows. When perusing a n-user key tape a while ago, all that I remember seeing was LOGINOUT.EXE. --ted Please, blast me, not the net, if I'm wrong. +-----------------------------------------------------------------------------+ |Arpa: ted@mitre-bedford.arpa | So much time and so little to do... | |Snail: The MITRE Corporation | -Willy Wonka | | Burlington Road | | | Mail Stop B015 | The views expressed herein are that of | | Bedford MA, 01730 | my employer and not necessarily my own. | |DDD: (617) 271-2524 | Whoops, reverse that. | +-----------------------------------------------------------------------------+
LEICHTER-JERRY@YALE.ARPA (08/10/87)
The LOGINOUT.EXE checksums likely differ from machine-to-machine because this image was patched as part of an upgrade. PATCH writes the date and time of the patch into the image, so you would expect no two patches of the same image to end up with the same two checksums. This problem can be avoided by using CHECKSUM/IMAGE rather than just plain CHECKSUM. CHECKSUM/IMAGE, even less well-known than CHECKSUM: - Looks only at the relevant parts of the image, ignoring things like patch dates; - Types out its results, rather than setting CHECKSUM$CHECKSUM; - Accepts wild-card file specs, with default file type .EXE. HOWEVER, LOGINOUT.EXE actually varies a bit from system to system: It's different on VMS and MicroVMS systems because of the multi-user-license restrictions on MicroVMS, and applying different "number of users" licenses also produces different images. So even CHECKSUM/IMAGE will show variations on LOGINOUT from system to system - though it should probably produce the same result on all VMS (as opposed to MicroVMS) systems. I M P O R T A N T C A U T I O N DON'T PUT YOUR FAITH IN CHECKSUM!!! CHECKSUM was NOT intended to be used in security applications. Its algorithm is very simple - basically it just considers the file to consist of a bunch of 4-byte integers and adds them up. It is very easy to ensure that the checksum on a file remains unchanged even as you replace it completely. There do exist "cryptographic checksums" with the property that it is very difficult to make the checksum come out to some pre-specified value. One, based on DES, is approved for this kind of use in banking applications. A PD DES encryption package, with a user interface that supports this checksum mode, has been distributed through Usenet. (The copy I picked up is "Programmed by R.W. Outerbridge; uses Jim Gillogly's DES".) It needs work for effective use on VMS, and, of course, comes with no guarantees. -- Jerry -------