Re: CRC32 vd MD5
From: <andrea.glorioso(at)binary-only.com>
Date: Sun Jan 05 2003 - 05:42:48 EST

>>>>> "jm" == admin <admin@forensicfocus.com> writes:
jm> Furthermore, would it be realistically possible to change data
jm> in an image whose authenticity is based solely on CRC32
jm> value(s) without changing the values in question, and thereby
jm> arousing suspicion?

CRC32 is not a cryptographic hash, and its immunity to tampering and forging is quite weak. I'm not a cryptographic expert, so I can't expose the whys and hows of the tampering process, but a quick search on Google revealed this:

"The code below takes an arbitrary string, and adds some junk on the end of it to make the CRC come out to any arbitrary value."

So it doesn't seem so hard to tamper with the file content and still have a "valid" crc32 checksum. I personally wouldn't use crc32-only based FIDS.

Best regards,

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com

Received on Sun Jan 5 16:56:57 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:42 EDT
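
The property described in the message above, as an added example that is not part of the original post or of the code it quotes: because CRC32 is linear, four trailing bytes can be computed directly so that changed data keeps its old CRC32, while a SHA-256 comparison of the same data still fails. The function names and the sample byte strings are constructed for this illustration.

```python
import hashlib
import struct
import zlib

def make_table():
    """Standard reflected CRC-32 table (polynomial 0xEDB88320, as used by zlib)."""
    table = []
    for i in range(256):
        c = i
        for _ in range(8):
            c = (c >> 1) ^ 0xEDB88320 if c & 1 else c >> 1
        table.append(c)
    return table

TABLE = make_table()
# Every table entry has a distinct top byte, so one CRC step can be undone.
BY_TOP_BYTE = {entry >> 24: i for i, entry in enumerate(TABLE)}

def unwind_zero_bytes(state, count=4):
    """Register value that reaches `state` after `count` zero bytes are fed in."""
    for _ in range(count):
        i = BY_TOP_BYTE[state >> 24]
        state = ((state ^ TABLE[i]) << 8) | i
    return state

def crc32_fixup(data, target_crc):
    """Four trailing bytes that make zlib.crc32(data + fixup) == target_crc."""
    current = zlib.crc32(data) ^ 0xFFFFFFFF   # internal register after `data`
    wanted = target_crc ^ 0xFFFFFFFF          # register that yields target_crc
    return struct.pack("<I", current ^ unwind_zero_bytes(wanted))

def compare_checks(original, modified):
    """Pad `modified` to the original's CRC32, then compare CRC32 and SHA-256."""
    padded = modified + crc32_fixup(modified, zlib.crc32(original))
    return {
        "crc32_equal": zlib.crc32(padded) == zlib.crc32(original),
        "sha256_equal": hashlib.sha256(padded).digest()
                        == hashlib.sha256(original).digest(),
    }

if __name__ == "__main__":
    # Constructed sample data, not taken from any real image.
    original = b"constructed sample: original image contents\n"
    modified = b"constructed sample: modified image contents\n"
    print(compare_checks(original, modified))
```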