CryptoSuite v1.050 Features

Discussion in 'Other Ghost Security Software' started by Jason_R0, Dec 7, 2003.

Thread Status:
Not open for further replies.
  1. gkweb

    gkweb Expert Firewall Tester

    If in the first field it has the default self-extracting archive directory (the current path), then it would be perfect for me :)
     
  2. Pilli

    Pilli Registered Member

    Yes, it might be good if one could select a folder with the additional ability to make it the default, i.e. a tick box "Would you like to make this the default folder?"
    This may also be useful for your .cse encrypt folder & decrypt folder
     
  3. Andreas1

    Andreas1 Security Expert

    ...how about a link "click here to learn more about CryptoSuite"?

    Andreas
     
  4. gkweb

    gkweb Expert Firewall Tester

    simple detail but important, nice one andreas ;)


    As I said in the PG forum, I am cross-posting a feature request here; even if I know it can't be done for the next version, I wish it could be done in a future version.

    It has already been asked, but let me give details :)
    The feature would be a database with file fingerprints of files we would choose.
    Then a scanner could scan all database files and compare the computed fingerprints to those in the database and warn if a modification was discovered.
    In addition to the on-demand scanner, I would also like a real-time scanner set to a low process priority (why not a threshold as an option) so as not to eat resources, which would be permanently scanning the files in the database.
    The hash algorithm could be chosen, from MD5 to SHA-512 (for the very paranoid like me :D)
    The perfect way to accomplish this great feature would be to add an import function, able to import file names from a txt file.
    For instance, let's say I have already done the work for Norton AV 2004: I create a file "NAV2004.txt" and anyone having it could import the files into his database (possibly modifying the root path first if it isn't the same).

    Example :
    FILE BEGIN
    Root$ = C:\Program Files\Norton AntiVirus
    Root$\nav32.exe
    Root$\opscan.exe
    .
    .
    .
    FILE END

    While importing files, CS could compute the file fingerprints on the fly.
    This "import" feature isn't absolutely needed, it would just be a bonus :)
     
  5. FanJ

    FanJ Guest

    Some ideas about CryptoSuite having File Integrity Checker features.

    CS could replace the CRC-test in TDS-3 (already suggested by others too).
    Although the CRC-test in TDS-3 is a nice feature, replacing it with the possibilities from CS could make it a lot more useful.

    Many of the following ideas are based upon the features of NISFileCheck.
    The copyright of NISFileCheck is owned by Albert (who made it, based upon ideas from Joseph).
    So it could well be that not all below mentioned ideas can be used, due to that copyright.

    The CRC-test of TDS-3 uses only one HASH-algorithm.
    Using CS gives the possibility to let the user choose which one of the CS-HASH-algorithms to use.
    Using CS gives also the possibility to encrypt the database.

    Input:
    You have to put files into the TDS3-CRC-database (the file crcfiles.txt which is hardly a database) manually by yourself.
    I would like to see the following options:
    Add a file by browsing to that file.
    Add files based upon their extension and partition (for example all exe files from your C-drive).

    Output:
    I would like to be able to see the following properties of files in the database:
    File with its full path (of course).
    Checksum.
    Date file is added into the database.
    File-size.
    File-version.
    After running a file-check: file is not-changed, changed, new, deleted.
    If a file was changed: date/version/size/checksum old/new.
    That date needs to be very carefully chosen and defined.

    Other output options:
    Export record(s) to a text-file and/or a CSV-file.

    Filters:
    Use filters upon the database.
    For example:
    Only new files, only deleted files, only changed files.
    The possibility to filter for some string of characters in a certain field of the records in the database:
    For example all files containing the character-string “tds”.


    I’m sure that there are lots of other things you could think of.
    Anyone familiar with NISFileCheck will recognize where those ideas come from.
     
  6. Andreas1

    Andreas1 Security Expert

    I hope this is not getting too off-topic :p

    All you file-integrity-checkers, have you taken a look at Simple Nomad's md5-tool (Poor Man's tripwire) at http://www.nmrc.org/project/ ?
    It's linux shell scripts but should be possible with batch-/cmd-files, too. Maybe some day I'll find the time to add it to Dan's NTIDA...

    anyway, here's the logic I have in mind, probably some of Jan's suggestions can be added:

    1. Builddb.bat:
    Code:
    recursive dir *.exe *.dll *.sys > filelist.txt
    cse.exe --hash --allalgos --inputfile filelist.txt --outputfile filedb.txt
    cse.exe --encrypt --input filedb.txt --output a:\filedb.cse
    cse.exe --delete filedb.txt filelist.txt
    
    2. Checkdb.bat:
    Code:
    recursive dir *.exe *.dll *.sys > filelist.txt
    cse.exe --hash --allalgos --inputfile filelist.txt --outputfile filedb.txt
    cse.exe --decrypt --input a:\filedb.cse --output filedb.old
    diff filedb.txt filedb.old > results.txt
    cse.exe --delete filedb.txt filedb.old filelist.txt
    

    Something like this...
    In my linux system, I have an archive with several rootkit checkers which is unpacking all the files it needs itself in a cron-job, maybe something like this can be done with CSE as well (not unattended of course, because of the password prompt, but to ensure integrity of the tools used to audit the system)...


    CU,
    Andreas
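
The build-then-compare logic sketched in posts 4 to 6, as an added Python example (not CryptoSuite code and not from any poster): it reads gkweb's `Root$` import list, builds a fingerprint database with a selectable hash, and reports only new, changed and deleted files as FanJ describes. The function names, the record layout and the sample files created in `demo()` are assumptions made for this illustration.

```python
import hashlib, os, tempfile
from pathlib import Path

def parse_import_list(text):
    """Expand the list format from the thread: 'Root$ = <dir>', then 'Root$\\<file>'."""
    root, files = "", []
    for line in (l.strip() for l in text.splitlines()):
        key, sep, value = line.partition("=")
        if sep and key.strip() == "Root$":
            root = value.strip()
        elif line.startswith("Root$"):  # skips FILE BEGIN/END and "." filler lines
            rel = line[len("Root$"):].lstrip("\\/").replace("\\", os.sep)
            files.append(os.path.join(root, rel))
    return files

def fingerprint(path, algo):
    h = hashlib.new(algo)  # any hashlib name, e.g. "sha256" or "sha512"
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {"hash": h.hexdigest(), "size": os.path.getsize(path)}

def build_db(paths, algo="sha256"):
    return {"algo": algo, "files": {p: fingerprint(p, algo) for p in paths}}

def check_db(db, paths):
    """Report only new/changed/deleted files as (status, old record, new record)."""
    report = {}
    for p in sorted(set(db["files"]) | set(paths)):
        old = db["files"].get(p)
        new = fingerprint(p, db["algo"]) if os.path.isfile(p) else None
        if old and not new:
            report[p] = ("deleted", old, None)
        elif new and not old:
            report[p] = ("new", None, new)
        elif old and new and old["hash"] != new["hash"]:
            report[p] = ("changed", old, new)
    return report

def demo():
    """Constructed sample: baseline three files, then modify, delete and add one."""
    root = tempfile.mkdtemp()
    names = ("nav32.exe", "opscan.exe", "keep.dll")
    for name in names:
        Path(root, name).write_bytes(name.encode())
    listing = "FILE BEGIN\nRoot$ = " + root + "\n" + "\n".join("Root$\\" + n for n in names) + "\n.\nFILE END"
    paths = parse_import_list(listing)
    db = build_db(paths, "sha512")
    Path(paths[0]).write_bytes(b"patched")  # simulate a modified binary
    os.remove(paths[1])                     # simulate a deleted one
    extra = os.path.join(root, "dropped.exe")
    Path(extra).write_bytes(b"")            # simulate a newly appeared file
    return {os.path.basename(p): r[0] for p, r in check_db(db, paths + [extra]).items()}
```

The comparison is only as trustworthy as the stored database, which is why the batch sketch above keeps it encrypted on removable media: a baseline that can be rewritten alongside the files it describes will report no change.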
     
  7. Jason_R0

    Jason_R0 Developer

    Thanks for mentioning the DEFAULT directory. It should be the one the EXE was run from + the filename of the EXE, something like this.

    filename: c:\cryptofiles\cse_file.exe


    Should default to extract all the files to c:\cryptofiles\cse_file\

    -Jason-
     
  8. Jason_R0

    Jason_R0 Developer

    What kind of options are you guys wanting regarding the file integrity checking. I was thinking of using just MD5.. but would you guys prefer being able to specify the checksum(s) and what other options are needed to make it worthwhile?

    What I was thinking currently was these options :-
    1) Add Files To CheckSum List (possibly specifying which checksum(s) to use? )
    2) Compare Files in Checksum List (to work out if any changed, and list the ones which have)

    Is anything else needed or not? :)

    -Jason-
     
  9. gkweb

    gkweb Expert Firewall Tester

    I think that our posts describe to you in detail what we would want ;)

    To answer your question:

    1) yes, at least offer MD5 and SHA-1, the best would be to let us choose between CS algorithms (if we have a fast CPU we can choose higher).

    2) this method could be a solution to the problem I had when trying NIS File Check,
    if you display all files (I had more than 5000!) it's unreadable.
    I think it's better to only show new/modified files, with a maximum of information like the old/new date, old/new hash, old/new size, etc...
    NIS FC has filters to choose how to view the list, maybe it's a solution, but as default what you said sounds good.
     
  10. Jason_R0

    Jason_R0 Developer

    Yes thanks for reminding me ;) . I just re-read FanJ's last post and I guess that includes everything. Will have to get on top of it :)

    -Jason-
     
  11. Pilli

    Pilli Registered Member

    Jason, Like your new Avatar - Have a Karma cookie to slice :D
     
  12. gkweb

    gkweb Expert Firewall Tester

    The old avatar "Ryu" was good too :'(

    But anyway, a karma cookie too to be in touch with your customers :D
     
  13. Jason_R0

    Jason_R0 Developer

    RYU didn't work well with Wilders due to the size constraints. I think this one is ok. :)

    Thanks guys!

    -Jason-
     
  14. rerun2

    rerun2 Registered Member

    1) I would first like to second the suggestion of a virtual drive. That would make things very convenient.

    2) Maybe support for a keyring or something.

    3) I think this was hinted at on the first page or perhaps similar to the suggestions in the first page. Once I have selected the files I want to encrypt I use the browse option to search for a location I want to save the encrypted files to. Instead of having to name the encrypted file again, how about an option to just encrypt the files using the original names. That way you just browse to the folder you want and press save. This is just personal preference though, and I can see the reasoning behind the way it is set up now.

    4) I was also thinking of an option to securely delete the original file after it has been encrypted. Maybe, have it turned off by default and one would have to checkmark this option in "settings." Some type of warning should also be given to the user when using or activating this as well, I suppose.

    5) The help file is very intuitive, but a search function would also be nice.

    Thank you for the consideration.

    I also like your new avatar Jason! Haohmaru is good, but he is no Jubei ;)
     
  15. Gary Graham

    Gary Graham Registered Member

    Jason: From your screenshot, all you can do is extract the contents into a directory. Can you add the option to View or run just one from there? I usually want just one file, not all of them.

    Gary
     
  16. Jason_R0

    Jason_R0 Developer

    Gary, well I will have it extract all at in the next version. More options may come in the future, but for every option added, it adds more size to the EXE file, which a lot of people won't be happy about. :)

    Thanks for your suggestions rerun, they have been noted.

    -Jason-
     
  17. Gary Graham

    Gary Graham Registered Member

    Actually, if you are keeping a list of Priorities, size should be high on it. When I tell people of CS, I mention all it does, then say the installer is less than 1 meg.

    Very impressive.

    Gary
     
  18. Jason_R0

    Jason_R0 Developer

    It might just creep over a meg in the next version. Packed full of Christmas goodness. :)

    -Jason-
     
  19. Jooske

    Jooske Registered Member

    >It might just creep over a meg in the next version. Packed full of Christmas goodness

    With a portrait of our beloved DCS team singing and playing jingle bells! for us. Somebody might fly a reindeer over for the event!
     
  20. gkweb

    gkweb Expert Firewall Tester

    yes!

    it would be a nice Christmas gift ^^

    For the song, I suggest Gavin on the left, Jason in the middle, and Wayne on the right.
    Please, if you give us an avi file or an mpeg, don't do it more than 50MB, thx :D
     
  21. Jooske

    Jooske Registered Member

  22. Pilli

    Pilli Registered Member

    Watch it Jooske, LWM might get jealous with all these new smilies
     
  23. Jooske

    Jooske Registered Member

  24. Jason_R0

    Jason_R0 Developer

    I hope to have this version out in 1 or 2 days. The beta testers already have one beta from the new version, and will be getting a new one tonight. So far it looks like everything is running smoothly, the new features work as they should already. Just some small fine-tuning. :)

    -Jason-
     
  25. Pilli

    Pilli Registered Member

    The CS server will be down for a few minutes during the 1,050 B2 install; back on soon :)
     