Subject: Re: Checksum for packages
To: Dominik Rothert <dr@astorit.com>
From: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
List: tech-pkg
Date: 12/21/2000 12:01:30
> > Is it possible to compromise a file such that size, md5 AND standard
> > checksum are unchanged?

There are actually three "standard" checksums; one is a 32-bit CRC,
which is very good at detecting random errors, but is laughably weak
against an adversary looking to create collisions.  The other two are
even weaker as they only produce a 16-bit output.

If md5 is broken, arranging a combined attack so that the standard
checksum is also unchanged should be straightforward.

Cryptographic engineering (as opposed to cryptography) involves making
very conservative assumptions about the underlying cryptographic
primitives, and taking the "hunches" and such of the Real
Cryptographers(tm) very seriously.  Those cryptographers are saying
"sha1 is most likely stronger than md5"...

						- Bill
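
An added illustration of the point above, not part of the original message: a blind birthday search over constructed inputs finds two different files of equal size and equal checksum for both a 16-bit sum and a 32-bit CRC, while a cryptographic hash still tells them apart. Assumptions: zlib's CRC-32 stands in for the 32-bit CRC, `bsd_sum16` follows the historic BSD `sum` rotate-and-add scheme, and SHA-256 is used as the strong hash.

```python
import hashlib
import zlib
from itertools import count

def bsd_sum16(data: bytes) -> int:
    """16-bit rotating checksum in the style of the historic BSD `sum`."""
    s = 0
    for byte in data:
        s = (s >> 1) | ((s & 1) << 15)      # rotate right one bit
        s = (s + byte) & 0xFFFF
    return s

def crc32(data: bytes) -> int:
    # Assumption: zlib's CRC-32 stands in for "a 32-bit CRC"; POSIX cksum
    # uses a different CRC variant, but the output is 32 bits either way.
    return zlib.crc32(data) & 0xFFFFFFFF

def same_size_collision(checksum, prefix=b"constructed-sample-"):
    """Return (a, b, tries): distinct equal-length inputs with equal checksum."""
    seen = {}
    for i in count(1):
        # Constructed input: fixed prefix plus 8 pseudo-random bytes.
        # (A plain counter would not do for a CRC-32, which detects every
        # difference confined to 32 consecutive bits.)
        msg = prefix + hashlib.sha256(i.to_bytes(8, "big")).digest()[:8]
        c = checksum(msg)
        if c in seen and seen[c] != msg:
            return seen[c], msg, i
        seen[c] = msg

def compare(checksum):
    a, b, tries = same_size_collision(checksum)
    return {
        "tries": tries,
        "same_size": len(a) == len(b),
        "same_checksum": checksum(a) == checksum(b),
        "same_sha256": hashlib.sha256(a).digest() == hashlib.sha256(b).digest(),
    }

if __name__ == "__main__":
    for name, fn in (("bsd-sum16", bsd_sum16), ("crc32", crc32)):
        print(name, compare(fn))
```

The search uses no structure of either checksum, only the small output size, so the number of tries grows roughly with the square root of the output space.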