Jamie, A 32-bit CRC does not exhibit collision resistance; its result space is too small to be considered safe. The CRC32 algorithm is not considered safe, either. MD5 and SHA1 are more 'secure'. MD5 generates a 128-bit hash and SHA1 a 160-bit hash. SHA1 is part of the Digital Signature Standard (DSS). The goal of these algorithms was to make it near-impossible to have matching hashes for two different inputs. On reading the court documents you provided links to, it shows that the FBI labs used MD5 to verify the integrity of the SafeBack images. So, although SafeBack generates an insecure value, the authenticity of the images was verified. John ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun Jan 05 2003 - 15:42:40 PST