in reply to Re: Re: Re: How safe is truncating an MD5 digest string?
in thread How safe is truncating an MD5 digest string?

Are you saying that given a size and a target CRC checksum other than zero, it's easy to compose a message of length size that produces the target checksum?
Yes.

Also, if you know the CRC of some data, you can calculate the CRC of "data xor something", even if you don't know what the data was! 

use String::CRC32;
# given $crc == crc32($data)
$crc2 = $crc ^ crc32($diff) ^ crc32("\0" x length($diff));
# now, $crc2 == crc32($data ^ $pad.$diff)
# where $pad = "\0" x (length($data) - length($diff))

[download]

Replies are listed 'Best First'.
Re: Tweaking CRCs
by John M. Dlugosz (Monsignor) on Sep 13, 2001 at 09:43 UTC
    So, although it's good at finding accidental mutations to data, it's quite easy to contrive a change that produces a given checksum.

    It seems to me that for any hash function, if you only have 2**32 different fingerprints, you can find something by brute force.

[reply]

In Section Seekers of Perl Wisdom