When calculating a hash of a file to ensure the authenticity of the evidence, we talk about the possibility of a "hash collision", i.e., of artificially creating a new file with the same signature as the original. With CRC32 (32-bit) it would only take 2^16 operations to get a hash collision by brute force, while with MD5 (128-bit) it would take 2^64 ops. 2^16 operations is a really small number; that's why it's considered trivial to "break". So the conclusion is that CRC32 should not be used for hashing evidence.

Aaron

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
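The brute-force collision search the message refers to, as an added example that is not part of the original post: it draws random 16-byte messages until two distinct ones share a CRC32, then checks that SHA-256 still tells them apart. The function names, the seed and the message length are assumptions chosen for illustration, and the messages are constructed sample data, not real evidence files.

```python
import hashlib
import random
import zlib


def find_crc32_collision(seed=2003, max_tries=1 << 22):
    """Birthday search over CRC32.

    Draws random 16-byte messages until two distinct ones have the same
    CRC32. Returns (first_msg, second_msg, tries).
    """
    rng = random.Random(seed)  # seeded (assumed value) so the run is repeatable
    seen = {}                  # crc32 value -> first message that produced it
    for tries in range(1, max_tries + 1):
        msg = rng.getrandbits(128).to_bytes(16, "big")  # constructed sample input
        crc = zlib.crc32(msg)
        earlier = seen.get(crc)
        # Guard against the same message being drawn twice: that is a
        # repeat, not a collision.
        if earlier is not None and earlier != msg:
            return earlier, msg, tries
        seen[crc] = msg
    raise RuntimeError("no collision within max_tries")


def compare_digests(a, b):
    """Report whether two byte strings match under CRC32 and under SHA-256."""
    return {
        "crc32_equal": zlib.crc32(a) == zlib.crc32(b),
        "sha256_equal": hashlib.sha256(a).digest() == hashlib.sha256(b).digest(),
    }


if __name__ == "__main__":
    a, b, tries = find_crc32_collision()
    print(f"collision after {tries} messages")
    print(f"  {a.hex()}  crc32={zlib.crc32(a):08x}")
    print(f"  {b.hex()}  crc32={zlib.crc32(b):08x}")
    print(f"  {compare_digests(a, b)}")
```

The search finishes in well under a second on ordinary hardware, which is the practical meaning of "trivial" here: a matching CRC32 says nothing about whether two evidence files are the same.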
This archive was generated by hypermail 2b30 : Sun Jan 05 2003 - 15:42:25 PST