校验和，CRC或更好的东西？ [英] Checksum, CRC or something better?

问题描述

您好，


我正在申请在我们当地的法医学中使用

部门...

除此之外，该应用程序将连接到数码相机并下载

图像到硬盘驱动器。出于各种原因，我需要能够用

来确定硬盘上的图像与

相机上的图像完全相同......任何关于最佳方式的想法实现这个目标......？


我可以对每个图像进行校验和比较，但不确定如何在代码中实现
，或者是否有更好的方法。仅仅检查文件大小

匹配是不足以在法庭上站起来。


任何建议表示赞赏，特别是如果包含示例代码（可以是

必要的经典VB）。 .Net可能会在框架中建立这样的内容吗？


干杯

Hi there,

I am working on an application to be used in our local Forensics
department...

Among other things the app will connect to a digital camera and download the
images to the hard drive. For various reasons I need to be able to say with
certainty that the image on the hard drive is exactly what was on the
camera... any ideas on best way to achieve this...?

I could do a checksum of each image and compare this but not sure how to
implement in code or if there is a better way. Merely checking the file size
matches is not sufficient to stand up in Court.

Any suggestions appreciated, especially if sample code included (can be
classic VB if necessary). Does .Net perhaps have something like this built
into the Framework?

Cheers

推荐答案

" Bob" < bo*@nospam.com> skrev i en meddelelse

新闻：eq ************** @ TK2MSFTNGP12.phx.gbl ...

"Bob" <bo*@nospam.com> skrev i en meddelelse
news:eq**************@TK2MSFTNGP12.phx.gbl...

你好，

我正在开发一个应用程序，用于我们当地的取证部门......

其他应用程序将连接到数码相机并下载
图像到硬盘。出于各种原因，我需要能够说出
，确定硬盘上的图像与
相机上的图像完全相同......有关实现此目的的最佳方法的任何想法......？

我可以对每个图像进行校验和比较，但不确定如何在代码中实现或者有更好的方法。仅仅检查文件$ ​​b $ b大小匹配是不足以在法庭上站起来。

任何建议表示赞赏，特别是如果包含示例代码（如果需要可以是经典VB）。 .Net可能在框架中有这样的内容吗？

干杯

Hi there,

I am working on an application to be used in our local Forensics
department...

Among other things the app will connect to a digital camera and download the images to the hard drive. For various reasons I need to be able to say with certainty that the image on the hard drive is exactly what was on the
camera... any ideas on best way to achieve this...?

I could do a checksum of each image and compare this but not sure how to
implement in code or if there is a better way. Merely checking the file size matches is not sufficient to stand up in Court.

Any suggestions appreciated, especially if sample code included (can be
classic VB if necessary). Does .Net perhaps have something like this built
into the Framework?

Cheers

嗨鲍勃，

看看
http://www.vbaccelerator.com/home/NE...32/article.asp ，

也许你可以使用其中一些。

-

Lasse

Hi Bob,
Have a look at
http://www.vbaccelerator.com/home/NE...32/article.asp ,
maybe you can use some of this.

--
Lasse

嗨鲍勃，


这是写一个样品给你。


进口系统

进口System.IO

进口System.Security.Cryptography

模块模块1

Sub Main（）

Dim fs As FileStream = New FileStream（" c：\ dafen.jpg"，

FileMode.Open，FileAccess.Read）

Dim arr（fs.Length）As Byte

fs.Read（arr，0，fs.Length）

fs.Close（）

Dim tmpHash（）As Byte

tmpHash =新MD5CryptoServiceProvider（）。ComputeHash（arr）

fs =新FileStream（" c：\dafen1.jpg"，FileMode.Open，FileAccess.Read）

fs.Read（arr，0，fs.Length）

Dim tmpNewHash（）As Byte

tmpNewHash = New MD5CryptoServiceProvider（）。ComputeHash（arr）

Dim bEqual As Boolean

如果tmpNewHash.Length = tmpHash.Length然后

Dim i As Integer

Do While（i< tmpNewHash.Length）AndAlso（tmpNewHash（i）=

tmpHash（i））

i + = 1

Loop

如果i = tmpNewHash.Length则

bEqual = True

结束如果

结束如果

如果bEqual然后

Console.WriteLine（两个哈希值是相同的）

否则

Console.WriteLine（" the two hash）值不一样）

结束如果

结束次级

结束模块


如何TO：使用Visual Basic .NET计算和比较哈希值
http://support.microsoft.com/default...b;en-us;301053


如果您有任何相关问题你可以在这里发帖。


问候，

Peter Huang

微软在线合作伙伴支持

安全！ www.microsoft.com/security

此帖子是提供按原样没有保证，也没有赋予任何权利。

--------------------

Hi Bob,

Here is write a sample for you.

Imports System
Imports System.IO
Imports System.Security.Cryptography
Module Module1
Sub Main()
Dim fs As FileStream = New FileStream("c:\dafen.jpg",
FileMode.Open, FileAccess.Read)
Dim arr(fs.Length) As Byte
fs.Read(arr, 0, fs.Length)
fs.Close()
Dim tmpHash() As Byte
tmpHash = New MD5CryptoServiceProvider().ComputeHash(arr)
fs = New FileStream("c:\dafen1.jpg", FileMode.Open, FileAccess.Read)
fs.Read(arr, 0, fs.Length)
Dim tmpNewHash() As Byte
tmpNewHash = New MD5CryptoServiceProvider().ComputeHash(arr)
Dim bEqual As Boolean
If tmpNewHash.Length = tmpHash.Length Then
Dim i As Integer
Do While (i < tmpNewHash.Length) AndAlso (tmpNewHash(i) =
tmpHash(i))
i += 1
Loop
If i = tmpNewHash.Length Then
bEqual = True
End If
End If
If bEqual Then
Console.WriteLine("The two hash values are the same")
Else
Console.WriteLine("The two hash values are not the same")
End If
End Sub
End Module

HOW TO: Compute and Compare Hash Values by Using Visual Basic .NET
http://support.microsoft.com/default...b;en-us;301053

If you have any related question, you may post the question here.

Regards,
Peter Huang
Microsoft Online Partner Support
Get Secure! www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
--------------------

From：" Bob" < bo*@nospam.com>
主题：Checksum，CRC或更好的东西？
日期：2003年10月21日星期二16:35:12 +1000
行：21 X-Priority：3
X-MSMail-Priority：正常
X-Newsreader：Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE：由Microsoft MimeOLE制作V6.00.2800.1165 新闻组：microsoft.public.dotnet.languages.vb
NNTP -Posting-Host：202-44-189-210.nexnet.net.au 202.44.189.210
路径：cpmsftngxa06.phx.gbl！TK2MSFTNGP08.phx.gbl！TK2MSFTN GP12.phx.gbl
外部参照：cpmsftngxa06.phx.gbl microsoft.public.dotnet.languages.vb:148560
X-Tomcat-NG：microsoft.public.dotnet.languages.vb

你好，
我正在开发一个应用程序，用于我们当地的取证部门......

其他应用程序将连接到数码相机并下载
硬盘驱动器的图像。出于各种原因，我需要能够肯定地说，硬盘上的图像正是相机上的图像......任何关于实现此目的的最佳方法的想法......？

我可以对每个图像进行校验和比较，但不确定如何在代码中实现或者有更好的方法。仅仅检查文件$ ​​b $ b sizematches不足以在法庭上站立。

任何建议都值得赞赏，特别是如果包含示例代码（如果需要可以是经典的VB）。 .Net可能在框架中有这样的内容吗？

干杯

From: "Bob" <bo*@nospam.com>
Subject: Checksum, CRC or something better?
Date: Tue, 21 Oct 2003 16:35:12 +1000
Lines: 21
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Message-ID: <eq**************@TK2MSFTNGP12.phx.gbl>
Newsgroups: microsoft.public.dotnet.languages.vb
NNTP-Posting-Host: 202-44-189-210.nexnet.net.au 202.44.189.210
Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTN GP12.phx.gbl
Xref: cpmsftngxa06.phx.gbl microsoft.public.dotnet.languages.vb:148560
X-Tomcat-NG: microsoft.public.dotnet.languages.vb

Hi there,

I am working on an application to be used in our local Forensics
department...

Among other things the app will connect to a digital camera and download theimages to the hard drive. For various reasons I need to be able to say with
certainty that the image on the hard drive is exactly what was on the
camera... any ideas on best way to achieve this...?

I could do a checksum of each image and compare this but not sure how to
implement in code or if there is a better way. Merely checking the file sizematches is not sufficient to stand up in Court.

Any suggestions appreciated, especially if sample code included (can be
classic VB if necessary). Does .Net perhaps have something like this built
into the Framework?

Cheers

嗨鲍勃，


你是对的......你想要做的事情必须正确完成......不允许出错。


校验和应该只用于纠错，而不是邪恶的人进来。校验和是简单的功能，可以利用相同的校验和创建假文件。


你应该使用哈希算法。哈希算法的工作方式类似于校验和;您提供输入（任何文件或任何长度的任何缓冲区），算法返回哈希值（也称为摘要，固定大小的字节数组）。不同之处在于哈希算法是复杂的加密函数，并且有几种通常被认为是完全安全的。从技术上讲，哈希算法是单向函数;一个无法逆转的数学函数;所以摘要不能被反转以获得输入（或了解它的任何信息）。输入中的单个位差异导致完全不同的摘要。最重要的是，找不到计算相同哈希值的另一个输入是不可能的。散列算法广泛用于数据完整性验证。


您不需要实现散列算法，因为Framework已经有几个（MD5，SHA，具有不同的摘要大小，在位）。例如，SHA512Managed为您提供的任何文件或缓冲区返回64字节摘要。示例：


Dim path As String =" c：\ myfile.dat"

Dim stream As New IO.FileStream（path，IO.FileAccess 。阅读）

Dim sha As New Security.Cryptography.SHA512Managed

Dim digest（）As Byte = sha.ComputeHash（stream）


如果您不打算将摘要存储为文件，并且更喜欢数据库的字符串，请将其转换为Base64编码：

Dim hashString As String = Convert.ToBase64String（digest）


就是这样。如果要验证文件是否相同或已更改（例如特洛伊木马），则计算哈希并将新摘要与存储的摘要进行比较。如果它们匹配，你可以确定文件是完全相同的，如果它们不是，你也确定它以某种方式被改变了。


法医是另一个故事...哈希是好的检查数据完整性，但这只是一个大难题的一小部分;计算机取证是一个非常复杂的世界。大多数作业必须在实验室中完成，并且需要特殊硬件才能在硬盘上进行数据恢复读数。有可能在一段时间内破坏系统，然后完全按原样返回它，不留任何曲目......哈希可以告诉你系统不再受到损害，但不会在设置之前做出令人讨厌的事情。文件恢复正常。


在法庭上站起来......这取决于什么是正常的。如果你想证明两个文件是不同的，我的答案是肯定的，法院会根据哈希值接受它。哈希是基于数字签名和代码签名证书;公共密钥密码学的另一项主要技术;并且站起来了。但就是这样。哈希值并不能证明是Alice攻击Bob的服务器，或者办公室PC中的键盘记录器是由老板放置的。私人取证可能不会在法庭上站起来，如果您采取法律行动，则不建议使用。如果你想采取合法的方式，让警方进行取证。如果您只是想快速了解系统上的操作，请保存可能存在的所有重要数据，并进行格式化以便系统再次快速恢复业务，将其带到私人实验室...不管怎么样，不要如果您不是专家，请对严重案件进行取证。


问候，

Mario

" Bob" < bo*@nospam.com>在留言新闻中写道：eq ************** @ TK2MSFTNGP12.phx.gbl ...

Hi Bob,

You are right... what you want to do must be done correctly... no mistakes allowed.

Checksums should be used only for error correction, not where evil people may come in. Checksums are simple functions, that can be exploited to create fake documents with the same checksum.

You should use an hash algorithm. An hash algorithm works like a checksum; you provide the input (any file or any buffer with any length), and the algorithm returns the hash value (also called digest, a fixed size array of bytes). The difference is hash algorithms are complex cryptographic functions, and there are several commonly accepted as completely secure. Technically an hash algorithm is an one-way function; a mathematical function that can''t be reversed; so that the digest can''t be reversed to get the input (or know anything about it). A single bit difference in the input results in a completly different digest. Most important, it''s not possible to find another input that computes to the same hash. Hash algorithms are widely used for data integrity verification.

You don''t need to implement the hash algorithm, because the Framework already has several (MD5, SHA, with different digest sizes, in bits). SHA512Managed for instance returns a 64 bytes digest for any file or buffer you supply as input. Example:

Dim path As String = "c:\myfile.dat"
Dim stream As New IO.FileStream(path, IO.FileAccess.Read)
Dim sha As New Security.Cryptography.SHA512Managed
Dim digest() As Byte = sha.ComputeHash(stream)

If you are not going to store the digest as a file, and prefer a string for a database, convert it to Base64 encoding:
Dim hashString As String = Convert.ToBase64String(digest)

That''s it. When you want to verify if a file if the same or was changed (trojan horse, for instance), you compute the hash and compare the new digest with the one you had stored. If they match, you can be sure the file is exactly the same, if they dont, you are also sure it was changed somehow.

Forensics is another story... hash is good to check data integrity, but that''s only a small piece of the big puzzle; computer forensics is a very complex world. Most jobs must be done in a lab, and require special hardware, to make data recovery readings on hard disks. It''s possible to compromise a system for a while, and then return it exactly the way it was, leaving no tracks... Hash can tell you the system is no longer compromised, but not what nasty stuff was done before settings and files returned to normal.

To stand up in Court... it depends of what is standing up for. If you want to prove two files are different, my answer is yes, the Court will accept it based on the hash values. Hashes are on the base of digital signatures and code signing certificates; where another major technology is present, public key cryptography; and that stand up too. But that''s it. Hash values are no proof that it was Alice who hacked Bob''s server, or that the keylogger found in the office PC was placed by the boss. Private forensics may not stand up in court, and are not recommended if you are taking legal actions. If you want to go the legal way, let the police do the forensics. If you just want to know fast what was done on your system, save any important data that may be there, and format so that the system returns quickly into business again, take it to a private lab... one way or another, dont do forensics on serious cases if you are no expert.

Regards,
Mario
"Bob" <bo*@nospam.com> wrote in message news:eq**************@TK2MSFTNGP12.phx.gbl...

你好，

我是致力于在我们当地的取证部门使用的应用程序......

其他应用程序将连接到数码相机并将
图像下载到硬盘驱动器。出于各种原因，我需要能够肯定地说，硬盘上的图像正是相机上的图像......任何关于实现此目的的最佳方法的想法......？

我可以对每个图像进行校验和比较，但不确定如何在代码中实现或者有更好的方法。仅仅检查文件大小
匹配是不足以在法庭上站起来。

任何建议表示赞赏，特别是如果包含示例代码（如果需要可以是经典VB）。 .Net可能在框架中有这样的内容吗？

干杯

Hi there,

I am working on an application to be used in our local Forensics
department...

Among other things the app will connect to a digital camera and download the
images to the hard drive. For various reasons I need to be able to say with
certainty that the image on the hard drive is exactly what was on the
camera... any ideas on best way to achieve this...?

I could do a checksum of each image and compare this but not sure how to
implement in code or if there is a better way. Merely checking the file size
matches is not sufficient to stand up in Court.

Any suggestions appreciated, especially if sample code included (can be
classic VB if necessary). Does .Net perhaps have something like this built
into the Framework?

Cheers

这篇关于校验和，CRC或更好的东西？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！