Question: hash and integrity management

laktak / chkbit-py

Check your files for data corruption

MIT License

96 stars 6 forks source link

Question: hash and integrity management #13

Closed antoninoLorenzo closed 3 months ago

antoninoLorenzo commented 4 months ago

Hi, I got here while learning about file integrity, as my understanding of the code the hash of a file is kept in a dictionary in the Index class, so I assume that chkbit cannot guarantee that the file wasn't modified while it wasn't running as it hasn't a persistent hash history; also, it isn't clear to me if there is an alerting mechanism while it is running or you must manually check.

About the first point, I was wondering if a SQLite database wouldn't be a better fit, it would have the advantages of using files and would make it possible to have a persistent history; still, it would also introduce more complexities, such as database management but, more important, the hashes should be encrypted -> the key should be kept somewhere safe.

I would like to know more about the project, given my recent interest in file integrity.

laktak commented 4 months ago

This is explained in the README, see USAGE.

chkbit uses one index file per directory to track hashes.

antoninoLorenzo commented 4 months ago

Yes, I tried it out and I noticed the following:

The hashes are kept inside .chkbit, this solves my question about how are updates managed, however storing the hashes in the file is a vulnerability:

{
    "v":2,
    "idx": {
    "file_to_watch.txt":{
        "mod":1709627283794,
        "a":"blake3",
        "h":"3fba5250be9ac259c56e7250c526bc83bacb4be825f2799d3d59e5b4878dd74e"
    },
    ...
    "idx_hash":"c490ca9fd73829664a0ced0135420858"
}

As an attacker I would modify the files, compute the hash, and manually update them inside .chkbit; when the file owner runs chkbit PATH the hashes are loaded from the modified file; I think you should encrypt the hashes (a symmetric algorithm would be a good fit) and figure out a way to store the private key.

If you think I am missing out on something I would like to be corrected.

laktak commented 3 months ago

Not sure about your usecase. chkbit's job is to detect errors (e.g. flipped bits) or changes (e.g. compression applied to an image/video by a cloud provider). It's not there to protect against an attacker, that would be the job of disk encryption.

antoninoLorenzo commented 3 months ago

Ok, I think that I misunderstood its objective, I thought of it more as a security tool. However, the use case I had in mind was log tampering protection.