Re: CRC32 vs MD5

From: Kurt Seifried (btat_private)
Date: Thu Jan 23 2003 - 04:34:54 PST


    > One more thing -- with respect to forensic analysis conducted in the context
    > of information security rather than legal forensics, I care more about
    > unpredictability of the algorithm that I'm going to use to analyze bits than
    > about anything else. An attacker who knows what my analysis tool looks like
    > with certainty can find a way around it -- an attacker who knows that I use
    > one of six different tools at any one time and rotate through them randomly
    > has only a one in six chance of guessing right and they have zero chance of
    > preventing me from using two different tools to analyze the same bits. Also,
    > I gain some security through obscurity if I supplement standard hash
    > algorithms with algorithms of my own design -- and not because my own
    > algorithms are going to be as provably secure/free of collisions, but
    > because it is impossible for an attacker to know ahead of time what their
    > bits are going to look like when processed by my code unless they first
    > obtain a copy of my code.
    
    Wouldn't it be simpler to just use proven algorithms such as MD5/SHA1 and if
    you want to be very paranoid take sums of random sized/placed blocks of data
    on the disk? It seems rather futile to create your own methods, as the
    attacker would only be caught by them if they somehow manage to fool
    MD5/SHA1, which I think is unlikely. Wouldn't your efforts be better spent
    on improving the collection/analysis of data and ensuring that the tools
    (not the algorithms) are "faked" out (to use a poor phrase)?
    
    > This is an appropriate role for security through obscurity; often times
    > people think they're getting security through obscurity when in fact they've
    > just created one more secret that has to be kept that is relatively easy to
    > discover.
    >
    > Jason Coombs
    > jasoncat_private
    
    
    Kurt Seifried, kurtat_private
    A15B BEE5 B391 B9AD B0EF
    AEB0 AD63 0B4E AD56 E574
    http://seifried.org/security/
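
The "sums of random sized/placed blocks" idea from the reply above, as an added example that is not part of the original message. Assumptions: the function names are hypothetical, SHA-256 stands in for the MD5/SHA1 named in the message, and the "disk image" is a constructed in-memory buffer.

```python
import hashlib
import io
import secrets

ALGO = "sha256"  # assumption: stands in for the MD5/SHA1 named in the message

def pick_blocks(size, count, max_len, rng=None):
    """Choose `count` random (offset, length) blocks inside `size` bytes."""
    rng = rng or secrets.SystemRandom()  # OS CSPRNG, so the picks are not guessable
    blocks = []
    for _ in range(count):
        length = rng.randint(1, min(max_len, size))
        blocks.append((rng.randint(0, size - length), length))
    return blocks

def block_digest(image, offset, length, algo=ALGO):
    """Hash `length` bytes of a seekable image starting at `offset`."""
    image.seek(offset)
    return hashlib.new(algo, image.read(length)).hexdigest()

def baseline(image, blocks, algo=ALGO):
    """Record a digest per block; keep this list away from the examined system."""
    return [(off, ln, block_digest(image, off, ln, algo)) for off, ln in blocks]

def changed_blocks(image, recorded, algo=ALGO):
    """Return the (offset, length) blocks whose current digest differs."""
    return [(off, ln) for off, ln, d in recorded
            if block_digest(image, off, ln, algo) != d]

def demo():
    data = bytearray(bytes(range(256)) * 256)  # constructed 64 KiB "disk image"
    recorded = baseline(io.BytesIO(data), pick_blocks(len(data), 8, 4096))
    target = recorded[0][0]   # a byte known to lie inside the first block
    data[target] ^= 0xFF      # simulate a modification made after the baseline
    return target, recorded, changed_blocks(io.BytesIO(data), recorded)

if __name__ == "__main__":
    target, recorded, changed = demo()
    print(f"byte {target} modified; {len(changed)} of {len(recorded)} blocks differ")
```

The unpredictability here comes from the secret block list, not from the hash algorithm; a change outside every sampled block is only caught by a digest of the whole image.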
    
    