AIX 5L Version 5.3 Cryptographic Sum Command

Abstract

For security, AIX 5L Version 5.3 offers the new cryptographic sum command, csum. This Technote highlights this new function for administrators and script authors.

For related information about this topic, refer to the following IBM Redbooks publication:
AIX 5L Differences Guide Version 5.3 Edition, SG24-7463-00

Contents




Users often use the sum command to generate a checksum to verify the integrity of a file. However, it is possible for two distinct files to generate the same checksum. A cryptographic sum command, csum, has been implemented in AIX 5L Version 5.3 that offers a more reliable tool to verify file integrity. This command allows users to generate message digests using the AIX Cryptographic Library. The new cryptographic checksum is considered more secure than the old mechanism: while it is reasonably straightforward to construct data that will match the checksum generated by the sum command, it is computationally infeasible to construct data to generate a known cryptographic checksum, as provided by csum.

csum lets users select the algorithm that they prefer, including both MD5 and SHA-1, which are considered secure. It is estimated that on the order of 2**64 operations would be required to derive two different files that generate the same MD5 message digest, and that on the order of 2**128 operations would be needed to derive a file that generates a specified MD5 message digest.

csum aids in improving the AIX e-fix upgrade process. It offers users a mechanism to verify that a file has not been tampered with or corrupted during download.
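The contrast drawn above between a sum-style checksum and a message digest, and the download check it enables, as an added example that is not IBM code and does not call csum itself. It assumes a System V style 16-bit byte sum as a stand-in for the sum command (whether AIX sum uses exactly this algorithm is an assumption), uses Python's hashlib for MD5 and SHA-1, and the payloads and function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

def sysv_sum(data: bytes) -> int:
    """16-bit System V style checksum (assumed stand-in for sum): add bytes, fold carries."""
    total = sum(data) & 0xFFFFFFFF
    folded = (total & 0xFFFF) + (total >> 16)
    return (folded & 0xFFFF) + (folded >> 16)

def file_digest(path: str, algorithm: str) -> str:
    """Stream a file through MD5 or SHA-1, the two algorithms the page names."""
    if algorithm not in ("md5", "sha1"):
        raise ValueError(f"unsupported algorithm: {algorithm}")
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_download(path: str, published_hex: str, algorithm: str = "sha1") -> bool:
    """True only if the file's digest equals the digest published alongside it."""
    actual = file_digest(path, algorithm)
    return hmac.compare_digest(actual, published_hex.strip().lower())

# Constructed sample data (not a real e-fix): TAMPERED transposes two bytes of ORIGINAL.
ORIGINAL = b"efix payload: install level 01\n"
TAMPERED = b"efix payload: install level 10\n"

def demo() -> dict:
    """Write both payloads to disk and compare what each integrity check reports."""
    with tempfile.TemporaryDirectory() as d:
        good, bad = os.path.join(d, "good.bin"), os.path.join(d, "bad.bin")
        for path, data in ((good, ORIGINAL), (bad, TAMPERED)):
            with open(path, "wb") as f:
                f.write(data)
        published = hashlib.sha1(ORIGINAL).hexdigest()  # stands in for the published digest
        return {
            "same_sum": sysv_sum(ORIGINAL) == sysv_sum(TAMPERED),
            "good_ok": verify_download(good, published),
            "bad_ok": verify_download(bad, published),
        }

if __name__ == "__main__":
    print(demo())
```

The byte sum cannot see the transposition because it ignores byte order, while the digest comparison rejects the altered file.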

The csum command is installed as part of the bos.rte.commands fileset.

Special Notices

This material has not been submitted to any formal IBM test and is published AS IS. It has not been the subject of rigorous review. IBM assumes no responsibility for its accuracy or completeness. The use of this information or the implementation of any of these techniques is a client responsibility and depends upon the client's ability to evaluate and integrate them into the client's operational environment.

Profile

Publish Date
07 December 2004

Last Update
10 December 2004


IBM Form Number
TIPS0472