23place
1-abc.net Duplicate Finder 6 All the ideas and discussions
0 votes Vote

Use a different checksum validation, CRC-32 is quite malleable.

CRC-32 digests are malleable, you can modify a file to get the CRC-32 you're looking for. A more interesting hash to check against would be SHA-1, it probably takes longer to compute but you get the guarantee that the file contents are actually equal so the same hash.

PS. The thing about malleability of CRC-32 can be seen for example in BIOS firmware images, sometimes they're internally padded so that its CRC-32 is FFFFFFFF.

aphanic, 15.04.2014, 09:54
Idea status: under consideration

Comments

Leave a comment