DragonFly BSD
DragonFly users List (threaded) for 2005-09
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: [OT] Micro$oft versus security

From: "Simon 'corecode' Schubert" <corecode@xxxxxxxxxxxx>
Date: Thu, 22 Sep 2005 12:24:38 +0200

Erik Wikström wrote:
Anyone here agree that MD5 and SHA1 are 'weak' crypto?  Any other
thoughts about the subject?
I would not say that MD5 and SHA1 are weak, but considering that some
companies run the same version of a MS-product for ages and considering
the reports of attacks against then, it might be a good idea. For some
things though, such as integrity-checks (of non-critical data)they will
still work fine (I still use CRC32).

First of all, MD5 and SHA1 are not crypto. They are strong one-way hashes, i.e. it's hard to find data which results in the same hash.

Nevertheless they have been broken recently (about one year) and for MD5 for example single bits can be changed. That doesn't seem much, but it's a step in the direction "you can't trust that if a file matches its MD5 it hasn't been tampered with".

CRC32 was never designed for this kind of tampering protection. It's merely a system to discover bit errors while transmitting few data.


Serve - BSD     +++  RENT this banner advert  +++    ASCII Ribbon   /"\
Work - Mac      +++  space for low $$$ NOW!1  +++      Campaign     \ /
Party Enjoy Relax   |   http://dragonflybsd.org      Against  HTML   \
Dude 2c 2 the max   !   http://golden-apple.biz       Mail + News   / \

[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]