



                             CHK-SAFE 2.01

Don Peters and I (Bill lambdin) saw a need for some way to check the
integrity of A-V files.

CHK-SAFE would not have been possible without the following people.
 
 Vesselin Vladimirov Bontchev        
 Keith A. Peer
 Don Peters
 David Wagner

I have seen many attempts to perform an integrity check of files in the
past, and unfortunately; they have all had shortcomings of one type or
another.
 

        Listing the contents of archives in Echo-Mail conferences.

This is pretty good, but archivers only use 32 bit CRCs. With 32 bit CRCs
the odds of bad data getting through is 4.3 billion to one.

This is very good at detecting change from line noise with modems, or by a
virus. However; there is a good possibility of someone deliberately
modifying bytes in a buffer area until the CRCs would match.


        Signing an archive with PGP (Pretty Good Privacy)

This would offer absolute proof of integrity, but unfortunately, there are
        many problems with this approach.
 
Many BBSs convert archive types, The signature would not match the archive 
        though file integrity may be 100%

Many BBSs add comments to the archives. Again the signature would report
        change. when the file integrity may be 100%.

Many BBSs place ads in the archives. Again the signature would fail when the
        integrity of the files may be 100%.

To test the integrity of archives in this manner, you would have to use
PGP, and have a public key for the developer.

Not everyone has access to the PGP key servers on Internet. 

A hacker could forge a key pair with anyone's name and Internet ID. By
distributing the modified archive, and forged public key to the same BBSs,
some users would use the forged key and believe the archive was valid, and
run the program with disastrous results. However; users with the authentic
key would not be fooled.

 
        PASS.

This routine uses PGP signatures with the 32 bit CRCs described earlier.
Unfortunately, this has all of the problems accompanied with both.
 

        CHKFILE CRCs

I used to distribute CRCs for executable files of Anti-Virus software.
 
CHKFILE was written by Wolfgang Stiller (Author of Integrity Master),
calculates two 16 bit CRCs. I liked this approach because I was
distributing CRC values of the uncompressed files. These CRCs would not be
thrown off when SysOps converted archive types, add a comment to the
archive, or add a file to the archive.


        MD5

Vesselin Bontchev, and David Wagner convinced me of the security offered by
the MD5 algorythm compared to the 16 or 32 bit CRCs offered by CHKFILE or
different archivers.

The MD5 Message Digest Algorithm was designed by RSA Data Security, Inc.

All of the MD5 compatible programs that I tested had one serious flaw. They
only computed a value for one file at a time (i.e. you had to run the
program five times to check the integrity of five files).
 
Keith A. Peer of Central Command Inc. knew of My interest with CRCs, and
found the MD5 Hash Algorythm in 'C' for me.

CHK-SAFE was written from scratch. We only imported the algorythm.
 
The original source appeared to be for UNIX computers, so the source code
had to be modified slightly before it would run on DOS computers.
 
I was concerned the slight modification might make CHK-SAFE incompatible
with the other MD5 compatible programs. So I provided a beta release to
Vesselin Bontchev for testing. He stated that CHK-SAFE's values are
compatible.

CHK-SAFE offers the following options.
 
1. Compatible with the DOS wildcards * and ?
2. Displays the following information.
        a. filename
        b. file size
        c. date stamp
        d. time stamp
        e. MD5 hash values
3. Supports multiple wildcards on the command line.


Sample commands.
 
        CHK-SAFE FILENAME           displays the data for one file to the
                                    screen.

        CHK-SAFE FILENAME>FILENAME  redirects the data for one file to a 
                                    file.

        CHK-SAFE *.COM *.EXE>PRN    Redirects the data for all .COM, and 
                                    all .EXE files (in the current
                                    directory) to the printer.

        CHK-SAFE *.COM              displays data for all .COM files (in 
                                    the current directory) to the screen.
        
        CHK-SAFE C:\PATH\*.*        displays data for all files in a
                                    different directory.
         
These sample commands should be enough to get you acclimated to CHK-SAFE.

Here is a sample output from CHK-SAFE.


CHK_SAFE.EXE Ver 2.01 by Bill Lambdin and Don Peters
with MD5 Algorythm by RSA Data Security
  File name     Size     Date    Time        MD5 Hash
________________________________________________________________________
CHK-SAFE.EXE    12799  07-17-94  20:19  4e5d1233c80db9bac467f58db486f77f
CHK-SAFE.SIG      291  07-17-94  20:20  29f15a6de60e245c28954e77cfb0fbae
LAMBDIN.ASC       833  07-17-94  20:22  78fdc28889529108d190ba57d8905475


CHK-SAFE.EXE    This is the only file you need.

CHK-SAFE.SIG    Is a detached signature to verify the integrity of
                CHK-SAFE.EXE above.

LAMBDIN.ASC     is my public key if you wish to contact me privately.


Fingerprint codes for LAMBDIN.ASC.

Type bits/keyID   Date       User ID
pub  1024/977E2B 1993/03/29  Bill Lambdin <bill.lambdin@pcohio.com>
          Key fingerprint =  8D 3C D4 7A 9D 98 08 6F  61 67 57 83 90 B6 76 53 


CHK-SAFE is not a speedy program at the present time, but we are working on
ideas to increase the speed of CHK-SAFE. We hope to find the MD5 algorythm
in assembly language if possible.

CHK-SAFE is FREE WARE! 

To register CHK-SAFE, Send an E-Mail message to the Internet address below.

bill.lambdin@pcohio.com

Please enclose the following data.
 
 Name
 City
 State or Country

I want to know where CHK-SAFE is being used,

Bill Lambdin
