Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watmath!clyde!rutgers!mit-eddie!uw-beaver!tektronix!reed!omen!caf
From: caf@omen.UUCP
Newsgroups: comp.sys.ibm.pc,sci.crypt
Subject: Re: Stopping Trojans
Message-ID: <519@omen.UUCP>
Date: Wed, 15-Apr-87 20:46:08 EST
Article-I.D.: omen.519
Posted: Wed Apr 15 20:46:08 1987
Date-Received: Sat, 18-Apr-87 03:48:06 EST
References: <537@faline.bellcore.com>
Reply-To: caf@.UUCP (PUT YOUR NAME HERE)
Organization: Omen Technology Inc, Portland Oregon
Lines: 33
Xref: utgpu comp.sys.ibm.pc:2974 sci.crypt:317

In article <537@faline.bellcore.com> karn@faline.bellcore.com (Phil R. Karn) writes:
:I've read one too many Trojan Horse reports. I'm tired of hearing about
:people having their hard disks wiped out by jerks with a strange sense of
:humor. They must come from the same crowd that puts cyanide into Tylenol.
:
:I think I have a possible technical solution to the problem. What's needed
:is a way for any user to verify that the program he just downloaded from a
:BBS is uncorrupted. One way is to publish in, say, Byte Magazine a list of
:"checksums" for all popular shareware programs. A nervous user could then
:recompute the checksum and compare it to the published value. The problem
:is then reduced to making sure that there are no malicious hackers on the
:magazine staff who could change the checksum values before they are
:published.

Unless everybody used Kermit, YMODEM, or ZMODEM to transfer the file,
different copies of the same file would have random bytes of garbage
appended to them by the XMODEM transfers most programs use. This would
upset any reasonable checksumming program, including the proposed DES
mutant.

Even if everybody used ZMODEM and got the file transferred without
alteration, the time required to collect, verify, and publish official
checksums means the information will be somewhat out of date by the time
it is published.
In addition, magazines might not wish to expose themselves to lawsuits
resulting from dissemination of incorrect checksum information.

Chuck Forsberg WA7KGX Author of Pro-YAM communications Tools for PCDOS and Unix
...!tektronix!reed!omen!caf Omen Technology Inc "The High Reliability Software"
17505-V Northwest Sauvie Island Road Portland OR 97231 Voice: 503-621-3406
TeleGodzilla BBS: 621-3746 2400/1200 CIS:70007,2304 Genie:CAF Source:TCE022
omen Any ACU 1200 1-503-621-3746 se:--se: link ord: Giznoid in:--in: uucp
omen!/usr/spool/uucppublic/FILES lists all uucp-able files, updated hourly
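
Added example, not part of the original post: a simulation of the XMODEM padding problem described above, showing a published digest failing on a padded copy, a strip-trailing-CTRL-Z guess also failing, and a check that succeeds when the exact file length is published with the digest. SHA-256 stands in for the "checksum", and the sample file, the function names and the idea of publishing the length are assumptions made for illustration; padding is assumed to fill only the final 128-byte block.

```python
import hashlib
import os

BLOCK = 128  # XMODEM data block size in bytes

def xmodem_receive(data, pad=b"\x1a"):
    """File as stored after XMODEM: last block filled to 128 bytes.
    pad=None models receivers that leave arbitrary filler."""
    short = -len(data) % BLOCK
    return data + (os.urandom(short) if pad is None else pad * short)

def digest(data):
    return hashlib.sha256(data).hexdigest()

def publish(data):
    """Published entry: exact byte length alongside the digest."""
    return {"length": len(data), "sha256": digest(data)}

def verify_naive(received, entry):
    return digest(received) == entry["sha256"]

def verify_length_aware(received, entry):
    n = entry["length"]
    # Padding only fills the final block, so the stored size must lie
    # between n and n rounded up to the next block boundary.
    if not n <= len(received) <= n + (-n % BLOCK):
        return False
    return digest(received[:n]) == entry["sha256"]

def verify_strip_heuristic(received, entry):
    """Guess the length by dropping trailing 0x1A bytes (no length known)."""
    return digest(received.rstrip(b"\x1a")) == entry["sha256"]

# Constructed sample: 771 bytes whose real last byte is 0x1A.
ORIGINAL = b"MZ" + bytes(range(256)) * 3 + b"\x1a"
ENTRY = publish(ORIGINAL)

if __name__ == "__main__":
    for label, pad in (("ctrl-z pad", b"\x1a"), ("random pad", None)):
        got = xmodem_receive(ORIGINAL, pad)
        print(label, len(got), verify_naive(got, ENTRY),
              verify_strip_heuristic(got, ENTRY), verify_length_aware(got, ENTRY))
    bad = bytearray(xmodem_receive(ORIGINAL))
    bad[10] ^= 0xFF  # flip one byte inside the real file contents
    print("tampered", verify_length_aware(bytes(bad), ENTRY))
```

The length-aware check only removes the padding objection; it does nothing about the delay between release and publication that the post also raises.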