Re: Does .NET detect alterations to an assembly?
From: David Thom (davidt@npsinc.com)
Date: 02/14/03
- Next message: Michel Gallant (MVP): "Re: Does .NET detect alterations to an assembly?"
- Previous message: Hans Mogaard: "SymmetricAlgorithm Flush problem"
- In reply to: Michel Gallant (MVP): "Re: Does .NET detect alterations to an assembly?"
- Next in thread: Michel Gallant (MVP): "Re: Does .NET detect alterations to an assembly?"
- Reply: Michel Gallant (MVP): "Re: Does .NET detect alterations to an assembly?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "David Thom" <davidt@npsinc.com> Date: Fri, 14 Feb 2003 15:25:15 -0600
It's still not clear whether the hash-check is done whether or not the
assembly is signed/strong-named.
The quotation you included in your reply appears to be in the context of a
signed/strong-named assembly.
But is hash-checking also done for "plain" assemblies?
David Thom
"Michel Gallant (MVP)" <neutron@istar.ca> wrote in message
news:3E4D3FFF.D485E045@istar.ca...
> see also:
>
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/htm
l/cpconassembliessecurityconsiderations.asp
>
> "The common language runtime also performs a hash verification; the
assembly
> manifest contains a list of all files that make up the assembly, including
a hash
> of each file as it existed when the manifest was built. As each file is
loaded,
> its contents are hashed and compared with the hash value stored in the
manifest.
> If the two hashes do not match, the assembly fails to load. "
>
> - Mitch
>
>
> "Shawn Farkas [MS]" wrote:
>
> > David,
> >
> > If you sign your assembly, then the framework will detect if it has
been
> > tampered with, and refuse to load it.
> >
> > -Shawn
> >
> > --
> > This posting is provided "AS IS" with no warranties, and confers no
rights.
> > Please do not send email directly to this alias, this alias is for
newsgroup
> > purposes only.
> >
> > "David Thom" <davidt@npsinc.com> wrote in message
> > news:uk8oMSD1CHA.1644@TK2MSFTNGP12...
> > > If an assembly were altered - say, with a hex editor - does .NET
detect
> > the
> > > alteration?
> > >
> > > If, for example, we embed a string value in a .NET assembly, can it be
> > > changed by a hacker? (we don't care if it can be viewed, we just don't
> > want
> > > it to be changed).
> > >
> > > I seem to recall that .NET assemblies have a "hash count/code" to
protect
> > > against this. But I don't know if that "feature" requires code signing
or
> > > some other overt action on the developer's/deployer's part in order to
> > > activate it.
> > >
> > > If I simply create a .NET assembly and do nothing else, is it
protected
> > > against modification? Or should I say, will the alteration at least
be
> > > detected?
> > >
> > > Thanks!
> > >
> > > David Thom
> > >
> > >
> > >
> > >
>
- Next message: Michel Gallant (MVP): "Re: Does .NET detect alterations to an assembly?"
- Previous message: Hans Mogaard: "SymmetricAlgorithm Flush problem"
- In reply to: Michel Gallant (MVP): "Re: Does .NET detect alterations to an assembly?"
- Next in thread: Michel Gallant (MVP): "Re: Does .NET detect alterations to an assembly?"
- Reply: Michel Gallant (MVP): "Re: Does .NET detect alterations to an assembly?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
