
Josh Boyer wrote:
On 2/27/07, Wolfgang Denk wd@denx.de wrote:
Hello,
I'm trying to figure out what could be done to add (at least in some cases) more information to U-Boot images.
In this case, the existing CRC32 checksum is not sufficient; the requirement is to use some stronger hashes (md5 or sha1) to verify the correctness of the kernel and file system images.
Just curious, but why isn't CRC32 sufficient exactly?
josh
CRC32 is pretty weak with respect to:
* Multibit errors:
  * It will detect all single bit errors - good
  * It will detect all two bit errors up to a block size that is dependent on the CRC length & polynomial (2KBytes for CRC-32 IIRC, but I may recall incorrectly - much less than a u-boot image size in any case) - bad
  * It detects some multibit errors but not all of them - bad
* Cryptography: it is trivial (cryptographically speaking) to "fix up" the CRC after changing something in the block it is covering - very bad.

Ref:
http://en.wikipedia.org/wiki/List_of_checksum_algorithms
http://en.wikipedia.org/wiki/Cyclic_redundancy_check
HTH, gvb
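
The "detects some multibit errors but not all of them" point above, as an added example that is not part of the original thread: any error pattern that is a multiple of the CRC-32 generator polynomial leaves the CRC unchanged, while a SHA-1 digest of the same data still differs. The sample image and all function names are constructed for illustration; zlib's CRC-32 is assumed to match the one used for the image.

```python
import hashlib
import zlib

# CRC-32 generator polynomial (IEEE 802.3, as used by zlib), including the x^32 term.
CRC32_POLY = 0x104C11DB7


def generator_error_pattern() -> bytes:
    """Return the 33 coefficient bits of the generator as a 5-byte XOR mask.

    zlib's CRC-32 is bit-reflected: it consumes the least significant bit of
    each byte first, so stream bit i lands in byte i // 8 at bit i % 8.
    """
    mask = bytearray(5)
    for i in range(33):
        if (CRC32_POLY >> (32 - i)) & 1:  # stream bit i is the x^(32-i) coefficient
            mask[i // 8] |= 1 << (i % 8)
    return bytes(mask)


def corrupt(image: bytes, offset: int) -> bytes:
    """XOR the generator pattern into image at a byte offset (length unchanged)."""
    mask = generator_error_pattern()
    if offset < 0 or offset + len(mask) > len(image):
        raise ValueError("pattern does not fit inside the image")
    out = bytearray(image)
    for i, m in enumerate(mask):
        out[offset + i] ^= m
    return bytes(out)


def flipped_bits(a: bytes, b: bytes) -> int:
    """Count the bit positions in which two equal-length buffers differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


# Constructed sample standing in for a kernel image (not a real U-Boot image).
IMAGE = bytes((i * 37 + 11) & 0xFF for i in range(4096))
DAMAGED = corrupt(IMAGE, offset=1000)

if __name__ == "__main__":
    print("bits flipped:", flipped_bits(IMAGE, DAMAGED))
    print("crc32 equal :", zlib.crc32(IMAGE) == zlib.crc32(DAMAGED))
    print("sha1 equal  :", hashlib.sha1(IMAGE).digest() == hashlib.sha1(DAMAGED).digest())
```

The damaged copy differs in 15 bits spread over 33 bit positions, one bit longer than the 32-bit burst that CRC-32 is guaranteed to detect.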