Re: What is the best way to create and validate an MD5 file fingerprint?

Tech-Archive recommends: Fix windows errors by optimizing your registry


"Justin Piper" <jpiper@xxxxxxxxx> wrote in message
news:op.tml3ysotcs3d1w@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Tue, 23 Jan 2007 08:48:48 -0600, McKirahan <News@xxxxxxxxxxxxx> wrote:

"mark4asp" <mark4asp@xxxxxxxxx> wrote in message
In 1996, a flaw was found with the design of MD5; while it was not a
clearly fatal weakness, cryptographers began to recommend using other
algorithms, such as SHA-1. In 2004, more serious flaws were
discovered making further use of the algorithm for security purposes
questionable."

It's worth mentioning that SHA-1 has similar flaws that make it less
suitable for security than it once was as well. Either would still be
suitable for simply verifying that a file was not corrupted in transit,
though.

--
Justin Piper
Bizco Technologies
http://www.bizco.com/

I think you are right. For many applications, such as file transmission and
storage, the only problem you need to handle is detecting changes to the
file. You need an algorithm that makes it difficult for the file to be
changed in a way that the MD5/CRC/whatever 'signature' doesn't change. For
other applications, such as passwords and software keys, an MD5 signature is
nearly worthless because the rainbow method makes it so easy to extract the
original password or software key from the signature.

The original poster wanted "I want to use WMI to create an MD5 fingerprint
for a large file (>= 50
Mb)." I'm thinking 50Mb would be pretty hard to extract from an MD5
signature. I don't how difficult it would be to change a 50Mb file without
changing its MD5 signature, Have you seen any web site with figures on
this?


.

Relevant Pages

  • Re: [PHP] need insights on encrypting and uploading ASCII file using PHP
    ... John A DAVIS wrote: ... As a sample of how this would work you read the file into memory, add a long string, the signature, that is never transmitted but that both ends know, and pass it all through an algorithm like MD5 or such. ... Or you could burn a CD and sent it through the mail, publish keys in the newspaper under personal ads, flash Morse code on clouds, or try smoke signals -- all work in one fashion or another to transmit data. ...
    (php.general)
  • Re: RSA signing security
    ... and these are used to sign a hash (MD5) of the data. ... came from a particular logger, and has not been tampered with since. ... No matter how clumsy the RSA signature padding/protocol is, ... that no publicly known technique allows attacking a particular system). ...
    (sci.crypt)
  • Re: HMAC-MD5 shown not compromized by MD5 collisions
    ... If the signature scheme first enters ... other one with neither signature changed, as in practice MD5 and SHA1 ... PGP seems to hash the public key as submitted. ... If the attacker is to inject meaningful data where the messages ...
    (sci.crypt)
  • Re: Encrypting /etc on Linux
    ... > as effective regardless of the algorithm used. ... but MD5 will fall as computers get faster. ... but doesn't help for local logins. ... Well if the OP wants secure logins but can't gurantee secure /etc ...
    (comp.security.unix)
  • Re: MD5
    ... > In PHP there is MD5 function it converts strings to MD5 encription, ... MD5 is not ment as an encryption to be decrypted, but only as a signature. ... Message digest algorithms have much in common with techniques ...
    (comp.lang.php)