On Sat, 04 Jan 2003, David Pick wrote: > So, a CRC does what it's designed to do well; but it's only designed > to check for *accidental* changes to the data. It *is* practical > to intentionally modify data protected by a CRC. > > A cryptographically strong hash functioin like the one used in MD5 > is far harder to "crack". I can't really comment on just *how* > much harder it is because I'm not an expert but all the advice > is that it's very much stronger. The hash function is harder to > compute (and hence takes more time); the hash value generated is > longer so more trials have to be made in a "brute force" attack. > I agree with David's conclusions all down the line. To add a bit about the cost of attacking MD5 in order to modify data without detection, I'd only add a few comments. There have been recent advances in attacking MD5 which puts long term viability in question. However, most of the current public state of the art there is theoretical.* Birthday attacks are much more likely than in place modification. In practical terms, even if someone were to find a set of data that matched a given CRC, the result would almost certainly be gibberish that would look nothing like a drive image. While cryptographically valid, I don't think anyone would believe it was the actual original data. Assuming that I had a good reason to modify data validated by a CRC32, I think I could do so in a day or so of experimentation, if it were a largish pile of bytes (I've never tried, but I think it wouldn't be hard). Assuming that I needed to do that with an MD5 checksum, I'd start looking for ways to leave the country, quickly and quietly. -j * For recent advances on analysing MD5, Google for +MD5 +attack. For more on the properties of MD5, I can't think of a better source than Schneier's _Applied Cryptography_, truly one of the best books on crypto ever written. -- Jamie Lawrence jalat_private "In my little way, I'm sneakily helping people understand a bit more about the sort of people God likes." - Larry Wall. ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Jan 06 2003 - 08:29:12 PST