Re: CRC32 vs MD5

From: Matt Curtin (cmcurtinat_private)
Date: Sun Jan 05 2003 - 16:07:36 PST


    David Pick <d.m.pickat_private> writes:
    
    > A cryptographically strong hash function like the one used in MD5
    > is far harder to "crack". I can't really comment on just *how* much
    > harder
    
    A good hash function would be where the amount of work necessary to
    create two predictable inputs to hash to the same output is equal to
    or greater than pure brute force, i.e., feeding all possible inputs to
    the function and finding two that collide.  In practice, it's better
    than this, because forged input that matches the hash for legitimate
    input needs to look like the real input.  That is, it can't be
    gibberish.
    
    Attacks against hashing functions are basically attempts to make it
    feasible to find (or to create) a forged input that will match the
    hash of legitimate input.  CRC is rightly called a checksum, rather
    than a hash, because of the relative ease of finding a legitimate
    looking input that will produce a given fingerprint.
    
    As for the strength of MD5, no practical attacks have been found
    against it.  A few years back, Hans Dobbertin of Germany published
    some interesting work on MD5 in RSA's /CryptoBytes/.  In the article,
    he concluded that although he didn't have a good successful attack
    against MD5, it was starting to look like MD4 (which was eventually
    defeated).  Some have preferred to use SHA-1 over MD5 for this reason.
    
    As far as I know, no one has published any additional work on MD5 that
    has built on Dobbertin's work, or found any other serious attacks
    against it.
    
    So through all of the noise, the basic difference is feasibility of
    creating an input that will match a given fingerprint.  CRC32 is
    feasible, and things like MD5 (at 128 bits) and SHA-1 (at 160 bits)
    are not.  Might be interesting to do some calculations to see just how
    much work it would require...but assuming conventional computers
    (i.e., ruling out stable quantum or DNA computers), it's certainly way
    longer than we, our children, or their children have to work on the
    problem.
    
    -- 
    Matt Curtin, CISSP, IAM, INTP.  Keywords: Lisp, Unix, Internet, INFOSEC.
    Founder, Interhack Corporation +1 614 545 HACK http://web.interhack.com/
    Author of /Developing Trust: Online Privacy and Security/ (Apress, 2001)
    
    -----------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
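The feasibility gap the post describes, as an added example (my code, not from the post or the list): CRC32 is linear over GF(2), so four bytes can always be computed that make any message carry any chosen CRC32 value, whereas matching a given MD5 or SHA-1 output by trial is shown to take astronomically long. It assumes CPython's standard `zlib`; the sample messages are constructed.

```python
import zlib

POLY = 0xEDB88320    # reflected CRC-32 polynomial, as used by zlib.crc32
MASK = 0xFFFFFFFF

# Byte-at-a-time table plus its inverse keyed by top byte; the top bytes of
# the 256 entries are all distinct, so the inverse lookup is exact.
TABLE = []
for n in range(256):
    c = n
    for _ in range(8):
        c = (c >> 1) ^ POLY if c & 1 else c >> 1
    TABLE.append(c)
TOP_BYTE_TO_INDEX = {t >> 24: i for i, t in enumerate(TABLE)}


def crc32_patch(data: bytes, target: int) -> bytes:
    """Return 4 bytes p such that zlib.crc32(data + p) == target."""
    reg = zlib.crc32(data) ^ MASK      # internal register after `data`
    want = target ^ MASK               # internal register we must end on
    # Backwards: each step's table index is fixed by the top byte of the
    # register that follows it, because (reg >> 8) has a zero top byte.
    indices = []
    for _ in range(4):
        i = TOP_BYTE_TO_INDEX[want >> 24]
        indices.append(i)
        want = ((want ^ TABLE[i]) << 8) & MASK
    # Forwards: pick each byte so that (reg ^ byte) & 0xFF hits that index.
    patch = bytearray()
    for i in reversed(indices):
        patch.append((reg ^ i) & 0xFF)
        reg = (reg >> 8) ^ TABLE[i]
    return bytes(patch)


def matches(data: bytes, target: int) -> bool:
    """True if the patched message really carries the target CRC32."""
    return zlib.crc32(data + crc32_patch(data, target)) == target


def brute_force_years(bits: int, trials_per_second: float = 1e9) -> float:
    """Expected years to hit a given ideal `bits`-bit hash value by trial."""
    return 2 ** (bits - 1) / trials_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    original = b"checksum: verify me"          # constructed sample message
    altered = b"checksum: verify you"          # constructed, same length
    print("CRC32 can be matched:", matches(altered, zlib.crc32(original)))
    for bits in (32, 128, 160):
        print(f"{bits}-bit: {brute_force_years(bits):.3g} years at 1e9/s")
```

The four appended bytes are arbitrary binary, which is exactly the post's point: with CRC32 they cost nothing to compute, while an ideal 128- or 160-bit hash leaves only trial and error.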
    



    This archive was generated by hypermail 2b30 : Mon Jan 06 2003 - 08:30:01 PST