RE: CRC32 vd MD5

From: Jason Coombs <jasonc(at)science.org>
Date: Thu Jan 23 2003 - 17:35:23 EST

I'm referring to infosec forensics not legal forensics.

Believing what you see on a computer screen makes invalid assumptions any time an attacker can anticipate what it is that you expect to see. Using MD5/SHA-1/etc. for hashing leaves you vulnerable to this type of social engineering where your expectations are satisfied therefore you think you're secure -- but anyone, anywhere could have come up with the key (the right hash) that will satisfy your expectations -- so what good were those expectations in the first place?

Jason Coombs
jasonc@science.org

-----Original Message-----
From: Ed Carp [mailto:erc@pobox.com]
Sent: Thursday, January 23, 2003 10:16 AM To: Jason Coombs
Cc: admin@forensicfocus.com;
securityfocus.com!forensics@adsl-61-76-31.pns.bellsouth.net Subject: RE: CRC32 vd MD5

On Sun, 19 Jan 2003, Jason Coombs wrote:

> I gain some security through obscurity if I supplement standard hash

I disagree. If you can't prove that your algorithms don't actually increase the chances of a collision, they're worthless, and they wouldn't stand up for more than 30 seconds in a court of law. By using your own algorithms, you're just handing the case to a smart defense attorney - on a very silver platter.

--
Ed Carp, N7EKG          
http://www.pobox.com/~erc               214/986-5870
Licensed Texas Peace Officer
Computer Crime Investigation Consultant

Director, Software Development
Escapade Server-Side Scripting Engine Development Team
http://www.squishedmosquito.com

Microsoft Front Page - the official HTML editor of Al Qaeda
Microsoft Hotmail - the official email of Al Qaeda



-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: 
http://aris.securityfocus.com

Received on Fri Jan 24 16:15:24 2003

Do you need help?

This message: [ Message body ]
Next message: Kowalski, Thomas TL26C: "RE: IDS and forensics"
Previous message: perrieror(at)ssginfo.montclair.edu: "Re: IDS and forensics"
Maybe in reply to: admin(at)forensicfocus.com: "CRC32 vd MD5"
In reply to Jason Coombs: "RE: CRC32 vd MD5"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:42 EDT