Comment Re:Sensible collissions that don't affect size? (Score 1) 72
I did some custom file 'fingerprinting' work some time ago when management didn't want to spring for Tripwire. For each file, the system stored both the md5sum and an shasum in addition to the file size. Figured that it was sufficiently improbable that a single altered file could collide in both hashing functions, particularly without changing in file size.
Granted, a rootkit could probably mess with return values to make it look as though the file hadn't changed at all, but at that point monitoring binaries and config files for changes isn't going to help.