CRC32 is designed to detect transmission errors. It is a 32-bit checksum. MD5 is used to detect document modifications. It is a 128-bit checksum. The odds that two documents (such as the original one and the fraudulently modified one) will have the same CRC32 is 1 in 2^32, or roughly 1 in 4 billion. If you are using a CRC32 and do not understand the math, you can simply make your modification, then try 4 billion different documents (cycling an unused 4-byte block, for example), and you will probably find one that has the same CRC32 as your original document. You can do better if you understand the math. If you are using an MD5 and make a modification and you don't understand the math, you will need to try at most 2^128, or 2^127 on average, different documents before you find another that has the same MD5. This is a prohibitive amount of time. Despite a recent posting to RISKS to the contrary, doing a search of 2^127 different keys is beyond current computational resources, and likely to remain so for the forseeable future. (That is, at least a million years.) Of course, you could do better if you understood the math, but right now nobody does. I must say that it is surprising that the the FBI CART team is using CRC32s to authenticate duplicated drives, rather than MD5 codes. It is not hard to create files that have the same CRC32 as the ones that the FBI quotes on p. 7 of http://notablecases.vaed.uscourts.gov/1:01-cr-00455/docs/68089/0.pdf . In fact, I may use this as an exercise in a cryptography course I am teaching in March. -Simson ----- Original Message ----- From: <adminat_private> To: <forensicsat_private> Sent: Thursday, January 02, 2003 2:58 PM Subject: CRC32 vd MD5 > Hi everyone, > > Firstly, a very happy new year to all! > > I'm no expert on hashing/error checking algorithms I'm afraid so please forgive me if the > following is somewhat obvious... > > In the following two pdf files: > > http://notablecases.vaed.uscourts.gov/1:01-cr-00455/docs/68089/0.pdf > http://notablecases.vaed.uscourts.gov/1:01-cr-00455/docs/68092/0.pdf > > related to the case of USA vs Zacarias Moussaoui, there is some discussion of the use > of CRC32 instead of MD5 to provide verification that a hard disk has been imaged > correctly. In this particular case the later use of MD5 would seem to confirm the accurate > imaging of the disks in question but in general does the use of CRC32 during (and after) > the imaging process really make any further checking with MD5 redundant? > > Furthermore, would it be realistically possible to change data in an image whose > authenticity is based solely on CRC32 value(s) without changing the values in question, > and thereby arousing suspicion? > > Kind regards, > > Jamie > > -- > Jamie Morris > Forensic Focus > Email: adminat_private > Web: http://www.forensicfocus.com > > > > ----------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun Jan 05 2003 - 15:44:46 PST