1. Forum
  2. sp00knet
  3. SN CRYPTO

  • MD5/SHA256/etc vs CRC

    From debian@700:100/69 to All on Thursday, December 07, 2023 21:00:45
    Hey everyone,

    Just wanting to know - how does MD5/SHA256 or 512 compare to a CRC check when it comes to detecting if a file has changed or has been tampered? Would CRC be better suited for this task, or would a checksum work fine?

    -Debian

    How ya gonna do it? PS/2 it!

    --- Mystic BBS v1.12 A48 2022/07/15 (Linux/64)
    * Origin: SPOT BBS / k9zw (700:100/69)
  • From claw@700:100/84 to debian on Friday, December 08, 2023 07:42:22
    On 07 Dec 2023, debian said the following...

    Hey everyone,

    Just wanting to know - how does MD5/SHA256 or 512 compare to a CRC check when it comes to detecting if a file has changed or has been tampered? Would CRC be better suited for this task, or would a checksum work fine?

    -Debian

    I would like the answer to this one too. Sound interesting.

    |23|04Dr|16|12Claw
    |16|14Sysop |12Noverdu |14BBS |20|15Radio|10@|14HTTP://Noverdu.com:88
    |16|10 Standard ports for SSH/Telnet |04 WEB|14@|12HTTP://noverdu.com:808 |20|15Global Chat, Global Messaging and Games! |16|10Ditch the Unsocial Media

    --- Mystic BBS v1.12 A47 2021/12/24 (Linux/64)
    * Origin: Noverdu BBS (700:100/84)
  • From Fissile Syntax@700:100/72 to debian on Tuesday, December 12, 2023 23:24:54
    Just wanting to know - how does MD5/SHA256 or 512 compare to a CRC check when it comes to detecting if a file has changed or has been tampered? Would CRC be better suited for this task, or would a checksum work fine?

    https://stackoverflow.com/questions/16122067/md5-vs-crc32-which-ones-better-fo r-common-use

    Some reading on this suggests that it is easier to create a different (malware) file with the same checksum as the legitimate one when using CRC. This is apparently much harder than doing so using a hashing algorithm, but it is computationally faster to use CRC.

    Several posts suggest that CRC (and BBS users would know this from file xfers) is best used to detect errors created by line noise or data corruption, rather than for file integrity from a security (rather than network engarblement+) standpoint.

    + = I thought I invented this word just now and was very pleased with myself until I googled and found 13 results. Drat, I say.

    I always use SHA256 or SHA512 for this sort of thing for my personal projects. MD5 is outdated, apparently, or so I have read.

    In my case, though, computational speed is unimportant.

    --- Mystic BBS v1.12 A47 2021/12/24 (Linux/64)
    * Origin: Shipwrecks & Shibboleths [San Francisco, CA - USA] (700:100/72)
  • From debian@700:100/69 to Fissile Syntax on Tuesday, December 12, 2023 21:17:06
    Some reading on this suggests that it is easier to create a different (malware) file with the same checksum as the legitimate one when using CRC. This is apparently much harder than doing so using a hashing algorithm, but it is computationally faster to use CRC.

    Several posts suggest that CRC (and BBS users would know this from file xfers) is best used to detect errors created by line noise or data corruption, rather than for file integrity from a security (rather than network engarblement+) standpoint.

    Good to know. Even though I have been a dial up user since the late 90s, I haven't really played around too much with BBSes until recently. So, CRC is more for error detection than encrypting or determining if something has been tampered with. Understood.

    I always use SHA256 or SHA512 for this sort of thing for my personal projects. MD5 is outdated, apparently, or so I have read.

    I use SHA256 when creating (extremely) long passwords. The rough estimate for a password of that length is about 10,000 years to crack it with todays "supercomputers". Maybe John the ripper can run over a distributed network?

    Anyways, thanks for the useful input!

    -Debian

    How ya gonna do it? PS/2 it!

    --- Mystic BBS v1.12 A48 2022/07/15 (Linux/64)
    * Origin: SPOT BBS / k9zw (700:100/69)