Hi, Albretch Mueller wrote: > [...] crc32 [...] 200+K files
Kids, whatever you do with one of the many "CRC-32"s, be aware that the birthday paradox predicts several identical 32-bit outcomes among 200,000 files. In the context of an intrusion detection system, a 32-bit checksum is much too easy to fool. In the face of suspected intentional alteration, i'd not even deem 128-bit MD5 good enough. > Any ideas about how that kind of base lining could be improved, > streamlined? Did you already evaluate existing IDS like the following ? https://packages.debian.org/stable/samhain https://packages.debian.org/stable/systraq https://packages.debian.org/stable/tiger https://packages.debian.org/stable/tripwire (The game of mutual fooling and spoofing needs lot of experience.) Have a nice day :) Thomas
