Path: utzoo!utgpu!water!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!ames!oliveb!tymix!antares!jms From: jms@antares.UUCP (joe smith) Newsgroups: comp.sys.amiga Subject: Re: The Ultimate Fix!!! Summary: checksums are not infallible Message-ID: <159@antares.UUCP> Date: 25 Sep 88 02:56:38 GMT References: <693@zehntel.UUCP> Reply-To: jms@antares.UUCP (joe smith) Organization: Tymnet QSATS, San Jose CA Lines: 25 One of the assumptions that the original poster of this article is using is the idea that if a given block has the right checksum, then it has not been corrupted. This is not true. If two blocks have different checksums, then they are guarenteed to be different. But two blocks having the same checksum does NOT mean that they are identical. A 512 byte block has 4096 bits; there are 2**4096 different combinations possible. But reducing all that data down to 32 or so bits allows many different blocks to result in the same checksum. For a given checksum, it is possible to create N different blocks with that checksum. For D data bits and C checksum bits, N is on the order of 2**(D-C). (Granted, not bogus blocks result in executable code.) In summary; while checksums are good insurance against random corruption of bits in a block, they are not infallible against deliberate corruption. A mechanism that uses only checksums can be fooled by a determined hacker. This is true regardless of which checkum algorithm is used, as long as the checksum has significantly fewer bits than the block it is protecting. -- +----------------------------------------------------------------------------+ | TYMNET:JMS@F29 CA:"POPJ P," UUCP:{ames|pyramid}oliveb!tymix!antares!jms | | INTERNET:JMS%F29.Tymnet@Office-1.ARPA PHONE:Joe Smith @ (408)922-6220 | +----------------------------------------------------------------------------+