5.2. Available checksum functions

A cryptographic hash function is a one-way function H(foo) such that it is easy to compute H(foo) from foo, but infeasible to compute foo from H(foo), or to find bar such that H(bar) = H(foo) (which would allow to replace foo with bar without changing the hash function).

One common usage of a such a hash function is the computation of checksums of files, such that any modification of a file can be noticed, as its checksum will change.

For computing checksums of files, and also for some other purposes, samhain uses the TIGER hash function developed by Ross Anderson and Eli Biham. The output of this function is 192 bits long, and the function can be implemented efficiently on 32-bit and 64-bit machines. Technical details can be found at this page.

As of version 1.2.10, also the MD5 and SHA-1 hash functions are available. (You need to set the option DigestAlgo=MD5 or DigestAlgo=SHA1 in the config file to enable this). Note that MD5 is somewhat faster, but because of security concerns it is not recommended anymore for new applications.

As of version 3.1.0, also the SHA2-256 hash function is available. (You need to set the option DigestAlgo=SHA256 in the config file to enable this).