CRC32, MD4, MD5, SHA1

[Adrive]

Hi

i have found many solutions to calculate and get CRC32, MD4, MD5, SHA1 Values of a file using AutoIt.

but can we change these values of a file?

i am creating a Uploader program in Autoit and sometimes when File Hosting service blocks uploading of a file my program changes the name of file and tries to upload again but it does not work.

To Upload the files i have to change the CRC32, MD4, Or MD5 of file to upload it.

i want to add compatibility of changing these values in my program. so, all files 'll be upload able.

it is possible in PHP using "fopen" and "fwrite" functions but i have no idea how i can do it in AutoIt.

[FlyinRiz]

Hi

i have found many solutions to calculate and get CRC32, MD4, MD5, SHA1 Values of a file using AutoIt.

but can we change these values of a file?

i am creating a Uploader program in Autoit and sometimes when File Hosting service blocks uploading of a file my program changes the name of file and tries to upload again but it does not work.

To Upload the files i have to change the CRC32, MD4, Or MD5 of file to upload it.

i want to add compatibility of changing these values in my program. so, all files 'll be upload able.

it is possible in PHP using "fopen" and "fwrite" functions but i have no idea how i can do it in AutoIt.

Anyone can correct me if I'm wrong and I hope I understand your question correctly.

CRC32, MD4/5 and SHA1 values are all checksums of files (see Checksum) and by definition, are unchangable w/o changing the file itself. So unless you get lucky with creating a file that happens to generate the same value (I'd say all but impossible), it's not possible.

As far as fopen and fwrite, these functions are for writing to a file not changing the checksums manually.

Again, if I misunderstood you, let me know and I'll try to help.

-Aaron

[jchd]

@Adrive,

What you refer to (checksums and hash values) are short values (32 to 512 bits, depending on chosen algorithm) computed from the whole content of a file. They somehow "condense" the content of a file into a singular value. Ideally, changing any bit or combination of bits/bytes/words in the file will produce a different hash value. Strong hashes are used to electronically sign a document: you formally agree that you electronically signed contract having SHA256 [this and that]. Typically, signatures comes with some proof of their existence by using strong encryption using keys known to belong to signees.

Hash signatures are also widely used for checking credentials: rather than maintaining a list of valid login/passwords (a huge security/abuse risk!), just maintain a list of hashes of these valid combinations (with a grain of "salt").

When two distinct file contents produce the same hash (for a given algorithm) we say the files are in collision for this algorithm. The longer the hash value, the less odds exists that a collision occurs. In practice, spontaneous collisions (those occuring within a large set of useful files on a PC or server, or even on an organization) are very rare events. Despite, some early algorithms are said to be broken, in that one can twist the content of a file and change it to something else so that the two files collide. MD5 has been the workhorse of hashing/signing for some time, but techniques have appeared that allow you to produce collisions almost at will on a stock PC. That makes MD5 a terrible choice to sign a document, as the other party could produce a completely different document with the same signature and pretend I signed the phony version.

Forget CRC32, it's an unreliable and naive checksum algorithm. Anyone can produce CRC32 collision by the yard using a 8-bit micro-controller.

MD5 is still useful for most today's use, as long as there is no adversary in the process: deciding that files are identical by looking at their MD5 is still fine for an AV program, or limiting FTP server load by detecting that files are identical and excluding them from actual transfer. The odds of spontaneous collision is in the realm of 2^-128, much lower a chance than to get killed by a meteorit.

SHA variants are stronger, SHA1 being known as a possible target for some attack.

You could have discovered all this by googling.

To answer your question, there is no possible way of changing the hash of a file without changing its content.

Example of the effect of 1-bit change on a random string using MD5:

MD5("Adrive owes jchd US$ 000,000.00") = 0xF2DE08D8FC5069C2DBCF97587FC83A15

MD5("Adrive owes jchd US$ 100,000.00") = 0x013C32649D58879685EB96D19CE3B065

Edit: here's a nice free & open source tool to compute hashes.

Edited August 11, 2010 by jchd