Re: CRC 32 vs CRC 64 vs CRC 128 vs MD5

From: Paul Schlyter (pausch_at_saaf.se)
Date: 07/20/03


Date: Sun, 20 Jul 2003 07:52:55 +0000 (UTC)

In article <s%oSa.91242$sY2.43624@rwcrnsc51.ops.asp.att.net>,
zhengyu <zhengyu@comcast.net> wrote:
 
> I got a few questions on one way hashing function.
>
> I was investigating CRC32 and found that it wasn't particularly good
> at doing signatures. Then I looked at CRC64, it was much collision-
> safer and computationally it is much better than MD5, now, if I do
> CRC128, would it be just as safe as MD5?? If so CRC128 is probably
> a lot more computationally efficient than MD5.
 
While properly designed CRC's are good at detecting random errors in
the data (due to e.g. line noise), the CRC is useless as a secure
indicator of intentional manipulation of the data. And this is
because it's not hard at all to modify the data to produce any CRC
you desire (e.g. the same CRC as the original data, to try to
disguise your data manipulation).
 
Therefore, even a 2048-bit CRC would be cryptographically much less
secure than a 128-bit MD5.
 
There is a reason cryptographically strong hashes such as MD5 or SHA
require much more computation than a simple CRC.
 

-- 
----------------------------------------------------------------
Paul Schlyter,  Grev Turegatan 40,  SE-114 38 Stockholm,  SWEDEN
e-mail:  pausch at stockholm dot bostream dot se
WWW:     http://www.stjarnhimlen.se/

         http://home.tiscali.se/pausch/



Relevant Pages

  • Re: F12-i386-DVD iso wont burn properly -- SOLVED
    ... and the disc to be checked against it. ... All files get an MD5 or SHA1 check performed on ... means to embed such a CRC in the program which does the checks. ...
    (Fedora)
  • Re: CRC 32 vs CRC 64 vs CRC 128 vs MD5
    ... ]just as safe as MD5?? ... For cryptographic purposes? ... dictionary hash, or a database hash, go ahead and use crc. ...
    (sci.crypt)
  • Re: Basic Crypto Question
    ... > This hash result will be exposed to potential hacking for about 10 ... > MD5 based results any more/less "secure" than the CRC-like result? ... random output. ... So, under some reasonable assumptions, the CRC ...
    (sci.crypt)
  • Re: Removing duplicate files
    ... Files are compared using the checksum value. ... the files could differ but have the same check-sum. ... CRC is the same as it was before the modification. ... CRC, MD5, and SHA checksums are all identical for the two files. ...
    (microsoft.public.windowsxp.general)