Pantek Library

Re: CRC32 vd MD5

From: Aaron Cheek <aaron_cheek(at)yahoo.com>
Date: Sat Jan 04 2003 - 17:40:22 EST


When calculating a hash of a file for ensuring the authenticity of the evidence, we talk about the possibility of "hash collision", i.e., of artificially creating a new file with the same signature as the original.

With CRC32 (32-bit) it would only take 2^16 operations to get a hash collision by brute force, while with MD5 (128-bit) it would take 2^64 ops.

2^16 operations is a really small number, that's why it's considered trivial to "break".

So the conclusion is that CRC32 should not be used for hashing evidence.

Aaron




Received on Sun Jan 5 16:57:13 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:42 EDT
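The birthday-bound figure in the message above (on the order of 2^16 tries for a 32-bit checksum), as an added example that is not part of the original post: a seeded search over constructed random 16-byte inputs finds two different inputs with the same CRC32, which MD5 still tells apart. The function names, the seed and the input size are assumptions chosen for illustration.

```python
import hashlib
import random
import zlib


def find_crc32_collision(seed=2003, max_tries=1 << 20):
    """Birthday search: return (msg_a, msg_b, tries) where both CRC32s match."""
    rng = random.Random(seed)   # seeded so every run gives the same result
    seen = {}                   # crc32 value -> first message that produced it
    for tries in range(1, max_tries + 1):
        # Constructed sample input: 16 random bytes standing in for a file.
        msg = rng.getrandbits(128).to_bytes(16, "big")
        crc = zlib.crc32(msg)
        earlier = seen.get(crc)
        if earlier is not None and earlier != msg:
            return earlier, msg, tries
        seen[crc] = msg
    raise RuntimeError("no collision within max_tries")


def compare_digests(a, b):
    """Report which of the two hashes still separates inputs a and b."""
    return {
        "crc32_equal": zlib.crc32(a) == zlib.crc32(b),
        "md5_equal": hashlib.md5(a).digest() == hashlib.md5(b).digest(),
    }


if __name__ == "__main__":
    a, b, tries = find_crc32_collision()
    print("tries needed:", tries, "(2^16 =", 1 << 16, ")")
    print("input A:", a.hex(), "crc32 = %08x" % zlib.crc32(a))
    print("input B:", b.hex(), "crc32 = %08x" % zlib.crc32(b))
    print("md5 A  :", hashlib.md5(a).hexdigest())
    print("md5 B  :", hashlib.md5(b).hexdigest())
    print(compare_digests(a, b))
```

The number of tries varies with the seed but stays within a small multiple of 2^16, which is why a matching CRC32 alone says little about whether two evidence files are identical.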

