Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1473
Views
0
Helpful
1
Replies

Checksums (router checksum, CCO Hash)

csiebert007
Level 1
Level 1

‎08-13-2007 12:31 AM - edited ‎03-09-2019 06:34 PM

Hi guys!

Since I didn't know where to post this question I'm psoting it here under Security:

In my effort to verify the integrity of binary data as stored on Cisco devices or stored on file servers, I ran across some checksums, which I'm unable to find information about.

1.) router checksum

When downloading an IOS image with a CCO account the following information is given:

Release 12.3.23

Size 9578364

BSD Checksum -

Router Checksum 0x415c

MD5 06e83479353e70c8f29e9593834569f8

Date Published: 25-JUL-2007

I do understand MD5 checksums and how to use them, however I have no clue what the router checksum is and how to use or to verify it. Any ideas where to find this checksum to verify it against? Or any idea on the algorithm used to compute this checksum?

BTW why is the BSD checksum not computed here? What would be the algorithm for the BSD checksum?

2.) CCO checksum

At each Cisco device the 'verify' command can be used to generate checsums:

Router#verify flash:c2800nm-ipbase-mz.123-14.T5.bin

........................................................

Embedded Hash MD5 : C03F32097254C8DAF62513225EFA1347

Computed Hash MD5 : C03F32097254C8DAF62513225EFA1347

CCO Hash MD5 : E0779F332333B30AEBACE4E47E275368

It seems to me that if the computed checksum matches the embedded checksum, I'm on the safe side w.r.t. integrity of the binary.

However, what does the CCO Hash mean, where do I find this string to verify it against?

How is this string created - which algorithm is used?

Thanks in advance for any insight on this topic.

Best regards,

Chris

Labels:
0 Helpful
1 Reply 1

bwalchez
Level 4
Level 4

‎08-17-2007 06:17 AM

In the new UDP header, the checksum value is always assigned to zero. This value prevents an intermediate device from validating the checksum against the packet checksum, thereby, resolving the TCP UDP checksum issue because NAT changes the IP source and destination addresses

0 Helpful
Customers Also Viewed These Support Documents