Security Basics mailing list archives
RE: TCP/IP CRC question
From: Simon Zuckerbraun <szucker () sst-pr-1 com>
Date: Wed, 13 Oct 2004 00:16:02 -0500
Clement,Could you explain this for me a little more? I don't yet understand the scenario. If the attacker is able to alter the data within the packet, I would think that he'd also be able to alter the checksum to correspond. In what scenario does the attacker have a need to find a collision?
Where have I gone wrong? Thanks, Simon -----Original Message----- From: Clement Dupuis [mailto:cdupuis () cccure org] Sent: Friday, October 08, 2004 5:40 PM To: miles () mstevenson org Cc: security-basics () securityfocus com Subject: RE: TCP/IP CRC question Good day to all,Lately I had a similar conversation with William Stearns and Joshua Wright on CRC32 attack on wireless network. We always hear about potential attack that are possible but rarely see example of a collision. Joshua wrote a brute forcer that allowed him to find a collision as follows for an SQL update statement:
----------------------------------------------------------- "UPDATE payroll SET wage = 10.75 WHERE empno = 11"This is what I'm going to call the "intended data", with a CRC of 0x954f8133. The adversary-modified data removes the decimal point and changes the employee number to 18, terminating the SQL and added a comment to the UPDATE statement:
"UPDATE payroll SET wage = 1075 WHERE empno = 18; -- pN#j," Which has a matching CRC as the previous statement. ----------------------------------------------------------------Although not common, there are ways to get the same CRC32 values or a collision if someone really wanted to attempt an attack. It only requires a bit of programming and patience.
Clement
Current thread:
- Re: TCP/IP CRC question, (continued)
- Re: TCP/IP CRC question Alex V . Lukyanenko (Oct 07)
- Re: TCP/IP CRC question Fernando Gont (Oct 07)
- RE: TCP/IP CRC question Shaineel Singh (Oct 07)
- Re: TCP/IP CRC question Ansgar -59cobalt- Wiechers (Oct 07)
- Re: TCP/IP CRC question Fernando Gont (Oct 07)
- Re: TCP/IP CRC question Miles Stevenson (Oct 07)
- Re: TCP/IP CRC question Miles Stevenson (Oct 08)
- RE: TCP/IP CRC question Clement Dupuis (Oct 12)
- Re: TCP/IP CRC question Miles Stevenson (Oct 08)
- Re: TCP/IP CRC question Don Parker (Oct 07)
- RE: TCP/IP CRC question Ted A (Oct 07)
- RE: TCP/IP CRC question Simon Zuckerbraun (Oct 13)
- Re: TCP/IP CRC question Alex V . Lukyanenko (Oct 07)