I have a requirement to make sure that the configuration file is not tampered with. It is a simple key-value pair file. However, I also do not want any strong encryption mechanism like AES and so on to ensure that the data in it is encrypted. I just want to ensure that I know that the file was tampered with. Some way in which a simple protection is provided.

Please share your thoughts.

A: 

Calculate SHA512 and store it somewhere / sign with a cryptographic key?

TBH
Thanks. So should I be storing the hash value (SHA512) of the file in my code and then always compare to check if someone tampered with it?
Yani
Pretty much, yes.
TBH
A: 

You can apply a cryptographically strong hash function on the file's contents, and verify whether the function's result has changed. However, that's the easy part. The difficult parts come next.

  • Where and how do you store the hash function's result, so that an adversary can't change it to match the tampered file's contents?
  • How do you ensure that your program's code that performs the verification isn't tampered with?

If your program runs on a hardware and software platform that you can't control (e.g. a typical PC installation), then securely solving these problems is impossible. The best you can do is to obfuscate your program's operation in order to make it difficult for the adversary to crack your system.

Diomidis Spinellis
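
Added example (not part of either answer above): a sketch of the difference between the plain SHA-512 check and a keyed check (HMAC-SHA-512, swapped in here as one form of "sign with a cryptographic key"). It assumes the key is kept somewhere the adversary cannot read, which is exactly the storage problem the second answer raises; the file name, config contents and function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile


def plain_digest(path):
    """Unkeyed SHA-512; anyone who can edit the file can recompute it."""
    with open(path, "rb") as f:
        return hashlib.sha512(f.read()).hexdigest()


def keyed_tag(path, key):
    """HMAC-SHA-512; recomputing a matching tag requires the secret key."""
    with open(path, "rb") as f:
        return hmac.new(key, f.read(), hashlib.sha512).hexdigest()


def verify(path, expected_tag, key):
    """True only if the file still matches the stored tag (constant-time compare)."""
    return hmac.compare_digest(keyed_tag(path, key), expected_tag)


def demo():
    key = os.urandom(32)  # assumption: stored where the adversary cannot read it
    with tempfile.TemporaryDirectory() as d:
        cfg = os.path.join(d, "app.conf")  # constructed sample config
        with open(cfg, "w") as f:
            f.write("max_users=10\nlicense=trial\n")
        sidecar_hash = plain_digest(cfg)   # hash stored next to the file
        stored_tag = keyed_tag(cfg, key)   # tag stored next to the file
        ok_before = verify(cfg, stored_tag, key)

        # The file is edited by someone who can also rewrite the sidecar hash,
        # but who does not hold the key and so cannot produce a new valid tag.
        with open(cfg, "w") as f:
            f.write("max_users=9999\nlicense=full\n")
        sidecar_hash = plain_digest(cfg)

        return {
            "ok_before": ok_before,
            "plain_check_after_edit": plain_digest(cfg) == sidecar_hash,
            "hmac_check_after_edit": verify(cfg, stored_tag, key),
        }


if __name__ == "__main__":
    print(demo())
```

The plain hash check passes after the edit because the stored hash was rewritten along with the file; the HMAC check fails because the old tag no longer matches and a new one cannot be computed without the key.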