[Cryptography] let's kill md5sum!
Sampo Syreeni
decoy at iki.fi
Mon Jun 8 14:12:46 EDT 2015
On 2015-06-08, Peter Gutmann wrote:
> There are a lot of cases where it's used as a kind of super-CRC32, to
> detect data corruption on storage media rather than malicious
> alterations, and it's perfectly adequate for that.
Except that it's not. Of course you do have a stochastic guarantee, with
md5sum, but no hard one like you do with CRC32.
That *can* fuck you up, when you pass lots of short messages, like you
do over a constrained radio channel. And it *will* fuck you up with
current bandwidths, sooner or later. Without you knowing what then
happens, because you haven't quantified the error-floor to coding
bandwidth staircase.
Likely the problem isn't grave. But I don't much like the idea of
mistaking ECC for cryptographic checksums. Especially in any application
where the coding space is less than the square of log of all the bits
likely to be produced in the lifetime of the protocol.
--
Sampo Syreeni, aka decoy - decoy at iki.fi, http://decoy.iki.fi/front
+358-40-3255353, 025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2
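Added here to illustrate the hard-versus-stochastic distinction made in the post; this is not code from the thread or from its author. It scales both checksums down to 12 bits (assumed CRC-12 generator 0x80F and constructed 4- and 8-byte messages) and uses the CRC's linearity to prove by exhaustion that no burst of up to 12 bits escapes it for any message, whereas a 12-bit truncation of MD5 can only be tested message by message and does let some short bursts through.

```python
import hashlib

# Assumed, not from the thread: CRC-12 with generator x^12+x^11+x^3+x^2+x+1
# (0x80F, top bit implicit) versus the low 12 bits of MD5, over short messages.
CRC_POLY, CRC_WIDTH = 0x80F, 12

def crc(data: bytes, poly: int = CRC_POLY, width: int = CRC_WIDTH) -> int:
    """MSB-first CRC, init 0, no reflection/final XOR: M(x)*x^width mod G(x).
    With these settings the map is GF(2)-linear in the data."""
    assert width >= 8
    mask, top, reg = (1 << width) - 1, 1 << (width - 1), 0
    for byte in data:
        reg ^= byte << (width - 8)
        for _ in range(8):
            reg = ((reg << 1) ^ poly) & mask if reg & top else (reg << 1) & mask
    return reg

def trunc_md5(data: bytes, width: int = CRC_WIDTH) -> int:
    """Low `width` bits of MD5: 'MD5 used as a short checksum'."""
    return int.from_bytes(hashlib.md5(data).digest(), "big") & ((1 << width) - 1)

def bursts(nbits: int, max_len: int):
    """Every error pattern (int over nbits) that is a single burst of length
    1..max_len: first and last burst bit set, bits in between arbitrary."""
    for length in range(1, max_len + 1):
        ends = (1 << (length - 1)) | 1
        patterns = [ends | (mid << 1) for mid in range(1 << max(length - 2, 0))]
        for start in range(nbits - length + 1):
            for p in patterns:
                yield p << start

def crc_missed_bursts(nbytes: int, max_len: int) -> list:
    """Hard guarantee: crc(m ^ e) == crc(m) ^ crc(e), so burst e escapes for
    EVERY message m iff crc(e) == 0. An empty list is a proof, not a sample."""
    return [e for e in bursts(8 * nbytes, max_len)
            if crc(e.to_bytes(nbytes, "big")) == 0]

def md5_missed_bursts(msg: bytes, max_len: int) -> list:
    """No structure to lean on: hash every corrupted copy of THIS message."""
    m, ref, n = int.from_bytes(msg, "big"), trunc_md5(msg), len(msg)
    return [e for e in bursts(8 * n, max_len)
            if trunc_md5((m ^ e).to_bytes(n, "big")) == ref]

if __name__ == "__main__":
    print("CRC-12 missed bursts <= 12 bits:", len(crc_missed_bursts(8, 12)))  # 0
    print("CRC-12 missed bursts <= 13 bits:", len(crc_missed_bursts(8, 13)))  # 52
    print("MD5/12 missed bursts <= 12 bits:",
          len(md5_missed_bursts(b"\xde\xad\xbe\xef\x01\x02\x03\x04", 12)))
```

The 13-bit run shows where the guarantee ends: the only bursts of length width+1 a CRC misses are copies of the generator itself, one per start position.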