Computer Forensics: RE: MD5 Collisions and Evidence Integrity

Subject:	RE: MD5 Collisions and Evidence Integrity
Date:	Mon, 15 Nov 2004 20:33:58 +0100

Subject:

RE: MD5 Collisions and Evidence Integrity

Date:

Mon, 15 Nov 2004 20:33:58 +0100

Even worse, if the alteration was intentional, there's  known *fast*
algorithms
for creating a new plaintext with the same CRC-32.  Basically, you use the
same
algorithm that is used for *every single* packet transmitted on the
Internet,
as specified in RFC1141/1624.  I don't know of any routers that *don't*
update
the IP checksums in hardware.


Exactly my point. The reason for using hashing in computer forensics is to
be able to prove that that the evidence is unchanged; intentional or
unintentional. If it is possible to make intentional changes and still end
up with the same hash sum, then the algorithm is too weak.

As stated in my previous post, I do not think MD5 is there yet.

--
Svein Y. Willassen, M.Sc.
Special investigator, Norwegian National Computer Crime Center

 


-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

<Prev in Thread]	Current Thread	[Next in Thread>
Re: hash of directory, (continued) Re: hash of directory, Valdis . Kletnieks Re: hash of directory, Ron Re: hash of directory, Geoffrey Re: hash of directory, Alexander Klimov Re: hash of directory, Valdis . Kletnieks Re: hash of directory, subscribe Re: MD5 Collisions and Evidence Integrity, Maximillian Dornseif Re: MD5 Collisions and Evidence Integrity, Jack Seward RE: MD5 Collisions and Evidence Integrity, Svein Yngvar Willassen Re: MD5 Collisions and Evidence Integrity, Valdis . Kletnieks RE: MD5 Collisions and Evidence Integrity, Svein Yngvar Willassen <= RE: MD5 Collisions and Evidence Integrity, Frank Knobbe Re: MD5 Collisions and Evidence Integrity, Gavin Reid Re: MD5 Collisions and Evidence Integrity, Richard Rager Re: MD5 Collisions and Evidence Integrity, Valdis . Kletnieks Re: MD5 Collisions and Evidence Integrity, Anders Thulin Re: MD5 Collisions and Evidence Integrity, Lance James RE: MD5 Collisions and Evidence Integrity, dave kleiman Re: MD5 Collisions and Evidence Integrity, David Baker DVD burner for archival image copies, Jerry Shenk Re: DVD burner for archival image copies, Greg Freemyer

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Amlafvc.exe?, Jim McBurnett
Next by Date:	Re: mactimes (ctime on unix is not creation but change time), Martin Mačok
Previous by Thread:	Re: MD5 Collisions and Evidence Integrity, Valdis . Kletnieks
Next by Thread:	RE: MD5 Collisions and Evidence Integrity, Frank Knobbe
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

Amlafvc.exe?, Jim McBurnett

Next by Date:

Re: mactimes (ctime on unix is not creation but change time), Martin Mačok

Previous by Thread:

Re: MD5 Collisions and Evidence Integrity, Valdis . Kletnieks

Next by Thread:

RE: MD5 Collisions and Evidence Integrity, Frank Knobbe

Indexes:

[Date] [Thread] [Top] [All Lists]