 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / Languages / C# / January 2008How would you do this?
I would like my application to check an outside file (dll) to see that it has not been modified or tampered with. Is it possible to somehow generate a unique hashcode from the file itself and check that? If so, what method would you use? Or is there other (better) solutions? Cheers, Johnny J. >I would like my application to check an outside file (dll) to see that it >has not been modified or tampered with. > >Is it possible to somehow generate a unique hashcode from the file itself >and check that? If so, what method would you use? Yes it is possible. Since you seem to have a security related purpose to this then I would sugget one of the cryptographic hash functions, either SHA256 or SHA512. Both of these are available in .NET: System.Security.Cryptography.SHA256Managed and System.Security.Cryptography.SHA512Managed If you need some general background then the Wikipedia article is a good introduction: http://en.wikipedia.org/wiki/Cryptographic_hash_function >Or is there other (better) solutions? Probably not, this is one of the problems that cryptographic hash functions are designed to solve. rossum >Cheers, >Johnny J. > I would like my application to check an outside file (dll) to see that > it has not been modified or tampered with. Did you compile the DLL yourself? If you did, you could sign the DLL which will give you a signature. Then using reflection you can check the signatures: http://groups.google.com/group/microsoft.public.dotnet.framework/msg/7ccd12 b8770b0714 Depending on what you're doing, I think this check can be done declaratively in the .config file. > Is it possible to somehow generate a unique hashcode from the file > itself and check that? If so, what method would you use?  Signaturespamhoneypot@rogers.com (Do not e-mail) > I would like my application to check an outside file (dll) to see that it > has not been modified or tampered with. [quoted text clipped - 6 lines] > Cheers, > Johnny J. I got a few questions: - tampered by who? - and why? - and when? The answers to those questions would be handy to have because... what if the same person modifies your program too? Replacing that hash for instance? You could, technically, produce a cryptographic hash of the file, and sign it with an asymmetric cryptography algorithm, which would make it impossible for someone without your private key to change the file and then produce a new hash. However, that same person could just as easily change the program so that it either didn't check the dll, or just used his/her crypto keys instead. So it all depends on how paranoid you intend to be :) SignatureLasse Vågsæther Karlsen mailto:lasse@vkarlsen.no http://presentationmode.blogspot.com/ PGP KeyID: 0xBCDEA2E3 True I don't want to try to make my system 100% fool proof, because that is of course not possible. But I do want to provide some sort of security. The ways you describe to circumvent that security are of course possible... /Johnny >> I would like my application to check an outside file (dll) to see that it >> has not been modified or tampered with. [quoted text clipped - 25 lines] > > So it all depends on how paranoid you intend to be :) Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.