Re: md5/crc questions
From: AE (hidden_at_nospam.com)
Date: 07/06/03
- Next message: lakis: "RSA imperfection"
- Previous message: AE: "Re: A simple, yet secure algorithm?"
- In reply to: Rafal 'Raf256' Maj: "md5/crc questions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 06 Jul 2003 11:02:26 +0200
Hello,
Rafal 'Raf256' Maj wrote:
> Hello,
> I'm quite a newbie to subject of cryptographics, and I have few simple
> questions
>
> 1. where can I find ANSI C algorithm for crc32 code generating?
ftp://ftp.funet.fi/pub/crypt/hash/crc/
> 2. can I build crc checksums longer then 32 bits (i.e. 256, and what
> polynomial values should I use then)
Surely it is possible to build CRC checksums of arbitrary length when
using integers of more than 32 bit length.
Nevertheless I'd use cryptographic checksums instead of crc if crc32 is
not enough.
> 3. is md5 / sha1 usefull for creating files checksums?
Yes.
If 32 bit for a checksum are not enough for you I'd use md5 or sha1.
md5 is faster than sha1 so if you are not expecting an attack against
your algorithm but just want to reduce the probability of a random error
producing the same checksum to less than 2^(-32) you might prefer md5:
It is not likely a randomly changed string will ever have the same
md5-checksum as the original one.
> 4. AFAIK md5 can compress string of some lilited length, what is that limit
> and how can I bypass it? Same question about sha1
Both are compressing strings of up to 2^64 bit - should be enough for
all practical purposes.
> 5. Is using combinations of algorithms above for checksums and encryption a
> good idee? I.e. using md5(md5(data)) or sha1(crc(data)) etc.
You can do this in case you need a checksum of checksums - like an
archive that contains several strings and the checksum of every single
string and you want to validate the checksums weren't changed.
But there is no need to do this for cryptographic purposes:
sha1(crc(data)) is not any better than crc(data) since an attacker could
calculate data' so that crc(data) == crc(data').
> First quess - is string retrned by sha1 is too long we can use md5(sha1())
> or crc(sha1()) to make it shorter, am I right?
You can as well just truncate the checksum to the length needed.
When 32 bits are enough for your checksum you should use crc since md5
truncated to 32 bit can be broken almost as fast as crc32.
For checksums up to 128 bit I'd use md5 since it's faster than sha1.
When using sha1 od ripemd160 I'd store the full checksum.
> TIA
AE
- Next message: lakis: "RSA imperfection"
- Previous message: AE: "Re: A simple, yet secure algorithm?"
- In reply to: Rafal 'Raf256' Maj: "md5/crc questions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
