Re: CRC32 vd MD5

From: Jamie Lawrence (jalat_private)
Date: Sun Jan 05 2003 - 14:14:42 PST

Next message: Matt Curtin: "Re: CRC32 vd MD5"

Previous message: Simson L. Garfinkel: "Re: CRC32 vd MD5"
In reply to: David Pick: "Re: CRC32 vd MD5"
Next in thread: Matt Curtin: "Re: CRC32 vd MD5"
Next in thread: Ronald Prins: "RE: CRC32 vd MD5"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, 04 Jan 2003, David Pick wrote:

> So, a CRC does what it's designed to do well; but it's only designed
> to check for *accidental* changes to the data. It *is* practical
> to intentionally modify data protected by a CRC.
> 
> A cryptographically strong hash functioin like the one used in MD5
> is far harder to "crack". I can't really comment on just *how*
> much harder it is because I'm not an expert but all the advice
> is that it's very much stronger. The hash function is harder to
> compute (and hence takes more time); the hash value generated is
> longer so more trials have to be made in a "brute force" attack.
> 

I agree with David's conclusions all down the line.

To add a bit about the cost of attacking MD5 in order to modify data
without detection, I'd only add a few comments. 

There have been recent advances in attacking MD5 which puts long term 
viability in question. However, most of the current public state of the 
art there is theoretical.* Birthday attacks are much more likely than
in place modification.

In practical terms, even if someone were to find a set of data that
matched a given CRC, the result would almost certainly be gibberish
that would look nothing like a drive image. While cryptographically
valid, I don't think anyone would believe it was the actual original
data.

Assuming that I had a good reason to modify data validated by a CRC32, 
I think I could do so in a day or so of experimentation, if it were a 
largish pile of bytes (I've never tried, but I think it wouldn't be hard). 
Assuming that I needed to do that with an MD5 checksum, I'd start looking 
for ways to leave the country, quickly and quietly.

-j

* For recent advances on analysing MD5, Google for +MD5 +attack.
  For more on the properties of MD5, I can't think of a better source
  than Schneier's _Applied Cryptography_, truly one of the best books on
  crypto ever written.

--
Jamie Lawrence                                        jalat_private
"In my little way, I'm sneakily helping people understand a bit more
about the sort of people God likes."
   - Larry Wall.

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Matt Curtin: "Re: CRC32 vd MD5"
Previous message: Simson L. Garfinkel: "Re: CRC32 vd MD5"
In reply to: David Pick: "Re: CRC32 vd MD5"
Next in thread: Matt Curtin: "Re: CRC32 vd MD5"
Next in thread: Ronald Prins: "RE: CRC32 vd MD5"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jan 06 2003 - 08:29:12 PST