jimkirk@OUTLAW.UWYO.EDU (James Kirkpatrick) (02/24/91)
I need/want some specific references, examples, or descriptions of how to "break" a CRC-based checksumming system. The specific case is VMS' undocumented (but widely known and used) CHECKSUM command which reads the contents of a given file and produces a checksum. This is then used to verify that the file "probably" was not altered (e.g. patched by some unauthorized person). I'm aware that CRC-based checksumming is not nearly as secure as, say, DES-based hashing. I've been told that if the CRC polynomial is known and I can change the last "n" bits of the file (where "n" is the size of the CRC), it is easy to fudge the file so the checksum matches again. Otherwise it is more difficult. I'd like some specific references, if at all possible, or examples. My manager needs convincing that cryptographic checksums should be used as opposed to CRC-based checksums, and I'd really like to be able to demonstrate the weaknesses. Jim Kirkpatrick JIMKIRK@CORRAL.UWYO.EDU JIMKIRK@UWYO (Until 6/1)