Rob ha scritto: > On Friday 24 October 2008 15:10, Kari Laine wrote: > >> referring to discussion few days back I have now tested md5sum with >> 540388 files and got NO collisions - I think. Method I used was to >> calculate md5sum and sha512sum for all those files. >> > > I really think that the problem with md5sum collisions is relevant to > security concerns, but not data integrity concerns. In a security > context, you have to say "It would have taken a hacker at least an hour to > fake the md5sum on this file", but when you're just trying to prove a copy > of a file you've just made is the same as the original, you can say "There > is a 1 in 340,000,000,000,000,000,000,000,000,000,000,000,000 chance that > these two files with the same md5sum might be actually different. With > odds like that, I'll take my chances." > You are so right! But for anyone who cares, this is a simple example about this concept.
Take a simple file which contains "1234", in hex 0x31, 0x32, 0x33, 0x34. Now suppose a hacker wants the "2" become a "5", but the file should keep the same checksum. The difficulty is about the checksum method. One method often used is xor, obtained by xor'ing together all the values. So, "1" xor "2" xor "3" xor "4" gives 4 (hex 0x04). If the hacker puts "5" instead of "2", the checksum becomes 3, but he wanted 4. So he computes 3 xor 4, obtains 7, and xors this with any of the other bytes. He chooses the last, "4", and makes it "3" ("4" xor 7 gives "3"). So, its file now is "1533", with checksum 4. Simple, no? This works because the xor method is so simple, and is commutative like addition or multiplication. But choose a simple method without commutative property, like: bChk=0 for each bByte in file bChk = bChk xor bByte bChk +=1 ' <- only difference next Know, who can say what is the procedure to get the checksum right again, after changing "2" to "5"? By simply deleting the commutative property of xor, we made the hacker's job harder. This explanation is a stupid thing, but may be someone finds it interesting - cheers. ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Gambas-user mailing list Gambas-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/gambas-user