Implements a naive brute force attack on CRC32. Given a target string t
and an evil string a
, finds the number of padding ' ' bytes needed to be appended to a
such that crc32(a+padding) == crc(t)
. This would work fine on e.g., Python's JSON parser, which ignores extra whitespace.
On my Macbook Pro (2.6 GHz Intel Core i5), does about 200,000 attempts/second. If we assume CRC32 is evenly distributed (probably not), we can get values for all digests in 6 hours.
Shows that CRC32 is insecure simply on the basis collisions being not unlikely.
- Divide the search space and distribute the problem among threads or CPUs.
- Keep messages shorter by allowing more whitespace/no-op characters and cycling through them (needs more domain knowledge)
- There's certainly a way to coerce
crc32(a+padding)
towardscrc32(t)
without brute force