RE: CRC32 vd MD5

From: John Howie <JHowie(at)securitytoolkit.com>
Date: Sat Jan 04 2003 - 18:34:08 EST

Jamie,

A 32-bit CRC does not exhibit collision resistance; its result space is too small to be considered safe. The CRC32 algorithm is not considered safe, either.

MD5 and SHA1 are more 'secure'. MD5 generates a 128-bit hash and SHA1 a 160-bit hash. SHA1 is part of the Digital Signature Standard (DSS). The goal of these algorithms was to make it near-impossible to have matching hashes for two different inputs.

On reading the court documents you provided links to, it shows that the FBI labs used MD5 to verify the integrity of the SafeBack images. So, although SafeBack generates an insecure value, the authenticity of the images was verified.

John

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Sun Jan 5 16:55:43 2003

This message: [ Message body ]
Next message: andrea.glorioso(at)binary-only.com: "Re: CRC32 vd MD5"
Previous message: David Pick: "Re: CRC32 vd MD5"
Maybe in reply to: admin(at)forensicfocus.com: "CRC32 vd MD5"
Next in thread: admin(at)forensicfocus.com: "RE: CRC32 vd MD5"
Reply: admin(at)forensicfocus.com: "RE: CRC32 vd MD5"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:42 EDT