Notifications

Clear all

SHA-1 SHA-256 SHA-512??

mscotgrove · 2011-03-04T15:28:12Z

The software I have developed has MD5 hash values. I have received requests to include SHA-??.Does anyone have views on which would be considered most useful. SHA-1 is very common, but is the extra security of SHA-256 and SHA-512 actually worth the effort.Academics seem keen to point out that MD5 and SHA-1 have been broken, but has this ever been critical in a court case?

Page 2 / 2 Prev

General (Technical, Procedural, Software, Hardware etc.)

Last Post by Patrick4n6 14 years ago

13 Posts

8 Users

0 Reactions

4,677 Views

RSS

markg43

(@markg43)

Trusted Member

Joined: 18 years ago

Posts: 77

06/03/2011 12:44 pm

DOJ currently only requires MD5 hash as sufficient. If you want to future proof a little, then SHA-1 and 256.

In my work, the software I use makes MD5/SHA1 automatically. Works for me, in order to invalidate my evidence you would have to break both algorithms on the SAME file.

To my knowledge, the eggheads have not done that yet. Please correct me if I am mistaken anyone. Preferable with a link.

ReplyQuote

mgilhespy

(@mgilhespy)

Estimable Member

Joined: 16 years ago

Posts: 102

06/03/2011 1:17 pm

Can any Australian members comment on whether this ruling back in 2005 has had any ongoing influence?

The NSW Roads and Traffic Authority (RTA) concedes that a court's decision to throw out a traffic infringement case had created "some uncertainty" about speed camera detection.
…
…
RTA lawyers told the court they could not find an expert to prove the authenticity of mathematical algorithms published on each picture.

The algorithms known as MD5 are used as a security measure to prove the pictures have not been altered after they are taken.

Link MD5 doubts in Oz?

ReplyQuote

Patrick4n6

(@patrick4n6)

Honorable Member

Joined: 16 years ago

Posts: 650

08/03/2011 4:34 am

Aussie and although living in the US I'm au-fait with Oz law and was working LEO forensics in another state in Oz when that case occurred. That case doesn't prove anything other than if you don't have your witnesses lined up, don't bother going to court. I don't see in the article that it was dismissed with prejudice, which means that the govt can get their ducks in a row and do over.

And back to the MD5 issue as posted

Hashing has 2 functions in forensics validating your images haven't broken / been tampered; and KFF. There is no protection in the world that's going to defend you against a malicious examiner, especially not MD5, since if one were to plant or falsify evidence, they would merely need to do so before the initial hash. MD5 is more a check that your images haven't been corrupted, requiring the examiner to go back to their original image and re-make another working image. As for KFF, only an idiot would submit evidence based purely upon a match and not hit it with a Mark 1 Eyeball.

Hashing is always in my experienced combined with another method to verify, e.g. source hash with a good chain of custody process, and KFF with a visual inspection, meaning that more than a possible exploit of the MD5 algorithm is needed to invalidate it.

ReplyQuote

Page 2 / 2 Prev

Android Forensics

I have conducted a logical and partial extraction of a ...

By SgtAndroid , 1 day ago
Article: The Balance Between Digital Forensic Examiners And Digital Evidence Technicians: Expertise Vs. Efficiency

Can digital forensic labs cut backlogs without cutting ...

By Zoe , 2 days ago
Prefetch Question

Hello All, I have a question regarding Windows prefet...

By Forensic_Tester , 3 days ago

8 Forums
15.7 K Topics
92.3 K Posts
182 Online
41.1 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed