1-abc.net Duplicate Finder 6 All the ideas and discussions

Use a different checksum validation; CRC-32 is quite malleable.

CRC-32 digests are malleable: you can modify a file to get the CRC-32 you're looking for. A more interesting hash to check against would be SHA-1; it probably takes longer to compute, but you get the guarantee that the file contents are actually equal, hence the same hash.

PS. The malleability of CRC-32 can be seen, for example, in BIOS firmware images: sometimes they're internally padded so that their CRC-32 is FFFFFFFF.

aphanic, 15.04.2014, 08:54
Idea status: under consideration
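
Added example, not part of the original post and not the product's code: a duplicate check keyed on size plus CRC-32 groups a different file with two genuine copies, while the SHA-1 key the post suggests separates them. The function names (`crc_patch`, `find_duplicates`) and all sample bytes are constructed for illustration.

```python
import hashlib
import struct
import zlib

POLY = 0xEDB88320  # reflected CRC-32 polynomial, the one zlib.crc32 uses


def crc_patch(prefix: bytes, target: int) -> bytes:
    """Return 4 bytes that make zlib.crc32(prefix + patch) == target."""
    state = target ^ 0xFFFFFFFF          # undo the final XOR
    for _ in range(32):                  # step the shift register back 32 bits
        if state & 0x80000000:
            state = ((state ^ POLY) << 1 | 1) & 0xFFFFFFFF
        else:
            state = (state << 1) & 0xFFFFFFFF
    # XOR with the register value after `prefix` gives the bytes to append.
    return struct.pack("<I", state ^ zlib.crc32(prefix) ^ 0xFFFFFFFF)


def crc32_key(data: bytes) -> int:
    return zlib.crc32(data)


def sha1_key(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()


def find_duplicates(files: dict, digest) -> list:
    """Group file names by (size, digest); return groups with 2+ members."""
    groups = {}
    for name, data in files.items():
        groups.setdefault((len(data), digest(data)), []).append(name)
    return sorted(g for g in groups.values() if len(g) > 1)


# Constructed sample data: two identical files and one different file whose
# last four bytes were chosen so that its size and CRC-32 match the others.
ORIGINAL = b"holiday photo 0001, constructed sample bytes"
body = ORIGINAL[:-4].upper()
LOOKALIKE = body + crc_patch(body, zlib.crc32(ORIGINAL))
FILES = {"a.bin": ORIGINAL, "a_copy.bin": bytes(ORIGINAL), "b.bin": LOOKALIKE}

if __name__ == "__main__":
    print("CRC-32 groups:", find_duplicates(FILES, crc32_key))
    print("SHA-1 groups: ", find_duplicates(FILES, sha1_key))
    fw = b"constructed firmware image"
    print("padded CRC-32: %08X" % zlib.crc32(fw + crc_patch(fw, 0xFFFFFFFF)))
```

The last line reproduces the firmware padding mentioned in the PS: four appended bytes bring the CRC-32 of the constructed image to FFFFFFFF.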
