Firewall Wizards mailing list archives

Re: File Integrity Check


From: "Dave Gillett" <davidg () genmagic com>
Date: Wed, 18 Aug 1999 11:16:01 -0700

On 16 Aug 99, at 10:18, Adam Shostack wrote:

On Sun, Aug 15, 1999 at 05:29:13PM -0400, Scot Anderson wrote:
| CRC is a Cyclic Redundancy Check.  It's a polynomial, calculating a *very*
| unique value based on content.  Much more effective than an MD5 or any other
| checksum.

Define *very*.  Most CRCs are order 16-32 bits.  MD5 is 128 bits.

Please also define "more effective".  If you mean "fast, cheap," sure.
If you mean secure, there are few checksums as useless as a CRC, since 
bits can trivially be appended to the item under check to confuse it.

Adam


| In the old days, we used to use this lots with the x/y/zmodem protocols, and
| always ended up coding it in assembler for the individual machines to keep
| the speed up.

  16-bit CRCs are small enough that fast implementations using a couple of 
256-byte tables were well-documented (by 1987, when I needed to implement 
them in a project), obviating the need to resort to low-level code to obtain 
reasonable performance on devices with more than a K or two of RAM.

  CRC is a reasonably efficient way to detect accidental transmission errors; 
it does a much better job of this than a simple checksum can.
  Limited length and fast calculation go hand-in-hand to make deliberately  
*faking* a 16-bit CRC check TRIVIAL.  [Faking a 32-bit CRC is harder, but 
should still be almost 10 orders of magnitude faster/easier than faking an 
MD5 signature....]




David G
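
Added example, not part of the original posts: a table-driven CRC-16 built from two 256-byte tables, used to show that a file-integrity check comparing only a 16-bit CRC accepts altered content, because an exhaustive search over 65,536 two-byte suffixes always restores the original value, while a cryptographic hash still reports the change. The XMODEM polynomial, the function names and the sample contents are assumptions, and SHA-256 stands in for the MD5 discussed in the thread.

```python
import hashlib

POLY = 0x1021  # CRC-16/XMODEM polynomial (assumed; the thread names no specific CRC)

def _build_tables():
    """Two 256-byte tables: high and low byte of each per-byte CRC step."""
    hi, lo = bytearray(256), bytearray(256)
    for i in range(256):
        crc = i << 8
        for _ in range(8):
            crc = ((crc << 1) ^ POLY if crc & 0x8000 else crc << 1) & 0xFFFF
        hi[i], lo[i] = crc >> 8, crc & 0xFF
    return bytes(hi), bytes(lo)

TABLE_HI, TABLE_LO = _build_tables()

def crc16(data: bytes, crc: int = 0) -> int:
    """Table-driven CRC-16, one lookup in each table per input byte."""
    for byte in data:
        idx = (crc >> 8) ^ byte
        crc = (((crc & 0xFF) ^ TABLE_HI[idx]) << 8) | TABLE_LO[idx]
    return crc

def suffix_restoring_crc(changed: bytes, target: int) -> bytes:
    """Try all 65,536 two-byte suffixes; exactly one restores the target CRC."""
    state = crc16(changed)
    for n in range(0x10000):
        suffix = n.to_bytes(2, "big")
        if crc16(suffix, state) == target:
            return suffix
    raise AssertionError("unreachable: the 2-byte suffix map is a bijection")

def compare_checks(original: bytes, changed: bytes) -> dict:
    """Report whether each check notices that the content was altered."""
    altered = changed + suffix_restoring_crc(changed, crc16(original))
    return {
        "altered": altered,
        "crc16_detects": crc16(altered) != crc16(original),
        "sha256_detects": hashlib.sha256(altered).digest()
                          != hashlib.sha256(original).digest(),
    }

if __name__ == "__main__":
    # Constructed sample contents, not taken from the thread.
    print(compare_checks(b"mode=strict\n", b"mode=permissive\n"))
```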


