HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 72 guests and 1 member online
EH-Net News Feeds
Latest Additions
 
Advertisement

You are here: Home arrow Forum arrow Ethical Hacking Discussions and Related Certificationsarrow Forensicsarrow File integrity checker (Tripwire), Windows, SHA-1 changed.
EH-Net
May 25, 2012, 05:27:47 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Advertise on EH-Net!! - Reasonable Rates, Highly Targeted Audience.
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: File integrity checker (Tripwire), Windows, SHA-1 changed.  (Read 4491 times)
0 Members and 1 Guest are viewing this topic.
delusion
Newbie
*
Offline Offline

Posts: 49



View Profile
« on: April 26, 2010, 05:46:37 AM »
Hey guys

This ones been plaguing my thoughts for a while.  Thus far I have chatted to peers and explored the web.

I monitor a file integrity checker and every so often the hashes change.  The hashes change when new windows patches have been installed.  So it could be that either the windows updates have been installed OR that the server has been rebooted.  Either way I am unclear of why the has would need to be changed.  Huh Shocked
Logged
You Cant Resolve Problems Whilst At WAR!
Ketchup
Hero Member
*****
Offline Offline

Posts: 1006



View Profile
« Reply #1 on: April 26, 2010, 07:18:20 AM »
It depends on what you are monitoring, but cryptographic hashes should not change from a simple reboot.   The exception to this are the dozens of files that do get touched when Windows boots.   

It would help to know where files you are monitoring, but Windows update does replace certain system files on your hard drive.  That's what a patch does.  Since the contents of the files have change, the hash will be different.  When the contents change, the hashes changes.   That's the purpose of a cryptographic hash algorithm. 

http://en.wikipedia.org/wiki/Cryptographic_hash_function
Logged
~~~~~~~~~~~~~~
Ketchup
delusion
Newbie
*
Offline Offline

Posts: 49



View Profile
« Reply #2 on: April 26, 2010, 09:22:34 AM »
That was informative, I was being a bit of a numpty!! Cheers!
Logged
You Cant Resolve Problems Whilst At WAR!
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.16 | SMF © 2011, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.111 seconds with 22 queries.
 

gk_static-ad_feb2012.jpg
Global Knowledge: Build Security Skills to Protect & Defend

els_130x200fixed2.gif
eLearnSecurity Student Course Now Live!
5% Off with Code
ELS-EH-5

SANS Deals 4 EH-Netters
$150 OFF Any SANS Course in Any Format!
Coupon Code: EHN_Connect Including SANS Security West 2012 & SANSFIRE 2012
Recent Forum Topics

cbtnuggets_logo_125.jpg
Try CBT Nuggets Free!

Vote For EH-Net

Add to Technorati Favorites
technorati fave

 
         
Advertisement

© 2012 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.