Subj : Re: MD5/SHA256/etc vs CRC
To   : Fissile Syntax
From : debian
Date : Tue Dec 12 2023 21:17:06

 FS> Some reading on this suggests that it is easier to create a different
 FS> (malware) file with the same checksum as the legitimate one when using
 FS> CRC.  This is apparently much harder than doing so using a hashing
 FS> algorithm, but it is computationally faster to use CRC.
 FS> 
 FS> Several posts suggest that CRC (and BBS users would know this from file
 FS> xfers) is best used to detect errors created by line noise or data
 FS> corruption, rather than for file integrity from a security (rather than
 FS> network engarblement+) standpoint.

Good to know. Even though I have been a dial up user since the late 90s, I haven't really played around too much with BBSes until recently. So, CRC is more for error detection than encrypting or determining if something has been tampered with. Understood. 

 FS> I always use SHA256 or SHA512 for this sort of thing for my personal
 FS> projects. MD5 is outdated, apparently, or so I have read.

I use SHA256 when creating (extremely) long passwords. The rough estimate for a password of that length is about 10,000 years to crack it with todays "supercomputers". Maybe John the ripper can run over a distributed network? 

Anyways, thanks for the useful input!

-Debian

How ya gonna do it? PS/2 it!

--- Mystic BBS v1.12 A48 2022/07/15 (Linux/64)
 * Origin: SPOT BBS / k9zw (700:100/69)

.