[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Hashes of Files on File Object
Right now on the File Object we have the "hashes" property as optional. I am really worried about this... I just do not think it makes sense to pass around a File Object that does not have at least one hash. I would also suggest that we should have a property on the base object called "primary_hash or file_hash or something" and define it in CybOX 3.0 as SHA256. Then have the "hashes" object extension be for "extra" hashes that you might want to provide above and beyond the base hash. But every File Object MUST have at least an SHA256 hash in the "primary_hash" field. Then in future versions of CybOX we can rev that to the hash-of-the-day once SHA256 is considered "broken". The one thing I do not like about the generic Hashes extension is for something as important as a file hash, there is no predictability in this File Object. There is nothing you can count on from a Hash stand point. I think we should really fix this. Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards | Office of the CTO Blue Coat Systems PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." |
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]