I know this is not really related to win32asm but I didn't know where to ask for this information ...

what is a checksum and what is it used for?

also what is crc32 and md5?

can somebody give an explanation or point me to some documents?

(keep in mind that I really don't know anything about these terms ...so I need a very general explanation)

thank you ...

code1101
Posted on 2002-04-21 18:52:45 by code1101
To give you a real simple explanation, CRC32 and md5 are just two methods of putting the contents of a file through a mathematical algorithm to achieve a (hopefully) unique "signature" value for the file/data stream. Putting the stream through this algorithm is called "hashing" it. If you change just one bit in that stream, then rehash it, your signature value should change. So, this is useful for checking if two files are the same, etc.

There are a few 'universal' algorithms, crc32 and md5 are just two of them. If you want some more info on md5, search for threads on that subject for the last month (i have just some some stuff with it), you will get info and code. Also, there is an RFC explaining md5.
Posted on 2002-04-21 20:41:21 by sluggy
Well they are all methods of checking the file integrity, is check if something in the bit stream was not incidentaly or on purpose changed.

Checksum
==========
The most simple one just add all bytes,or words, od dwords into a single variable and accumulate... there is afair chance that is a bit is changes the whole checksumm of the file will be diffrent

but its not sure, besides if a bit goes up somewhere and down in the other right place the whole summ could be the same and the error get undetected

CRC32
==========
The answer to the above problem is the CRC32, this uses a math polynomial formula to maximize the chance to dtect any error and multiple errors as well. use waidely nowdays it first started in hardware data transmission devices, FDD etc

Theoretically it can detect maore and more errors as the order of the poly gets higher, but for speed reasons CRC32 is used

Because it is widely used allmost anybody knows how to trick this aka vx and stuff but that is not the algo's fault

MD4,5
========
Another variation using Hash tables to do the same: return a value or two that IDs that the file/data are valid.

Not my special knowledge area though...

There are examples on the net and on this message board (just do a search) for code to do this stuff

Bogdan
Posted on 2002-04-21 21:05:17 by BogdanOntanu
hi,

today i coded this tool just to show to a friend how crc16/32/48 can be easily forged to a specific value. and now that thread... :)

this tool will make all files in current directory have the same crc. i hope somebody found this interessanting. ;)

ancev
Posted on 2002-04-21 21:31:03 by ancev
That is because the CRC algo i supposed to catch errors because of data transmissions or bad media, and eventually corect them ;)

yes it can do that ;)

CRC can not compete with ANCEV anyway :)

i bet MD5 can not either (but there are no public available tools yet)

Ancev, we use CRC32 in HE for some features, and since u seem to know this by hard... please a quick question:

MD4 or MD5 are faster or slower compared to CRC32 ?
and by how much?
Posted on 2002-04-21 21:53:01 by BogdanOntanu
BogdanOntanu,

they are slower, and i guess that by much. but i not sure.

in bruce schneider crypto book there's that info, i believe. i tried to find the url/thread about this book, that is available as e-book, but didnt found it.

ancev

ps: sluggy, you pm box seens always full, but, anyway, my page is offline by now. seens that somebody traduced coderz.net :tongue:
Posted on 2002-04-22 09:43:12 by ancev
Hi,

code1101:

use the MD4/MD5 algorithm to create a 128 bit key from various sources. MD5 is slightly slower than MD4 but check RFC1321 for more details.

To build a checksum I'd always use CRC. If you plan to crypt some data MD4/MD5 is a gut choice just to get a key for Blowfish/Twofish and many others. The main point in MD4/MD5 is that you can easily get a key but you will hardly be able to reverse that process. In other words getting the source from a MDx key is impossible.

At this board there are assembly implementations of MD4 and MD5 too. I far as I remember Roy did this job.

Bye Miracle
Posted on 2002-04-23 02:19:07 by miracle

Because it is widely used allmost anybody knows how to trick this aka
vx and stuff but that is not the algo's fault

Well, actually it *is* the algos fault :). It's designed to catch errors,
not to be cryptographically secure. Btw, I believe CRC wasn't only made
to find errors, but also to be able to correct them...

MD5 is a fair deal slower than CRC32... well, that is, a table-based CRC32.
I've seen a "short but mathematic" way of doing CRC32 that is slower than a
optimized C version of MD5.

MD5 should be pretty secure, but there are *some* attacks on it. These
attacks shouldn't matter if you're just doing file integrity checking, but
they might matter for cryptographical stuff. You should probably use SHA
or Tiger for anything "paranoid".
Posted on 2002-04-23 09:54:10 by f0dder