[cryptography] rolling hashes, EDC/ECC vs MAC/MIC, etc.

Steven Bellovin smb at cs.columbia.edu
Sat May 21 10:00:27 EDT 2011

On May 21, 2011, at 3:53 47AM, travis+ml-rbcryptography at subspacefield.org wrote:

> On Fri, May 20, 2011 at 05:18:16PM -0500, Nico Williams wrote:
>>> I wonder if A/V shouldn't use something similar?
>> The rsync rolling CRC is useful for detecting insertions an deletions
>> -- i.e., remote diff.
> Right, but right now some anti-virus does hashes over the whole file,
> or so I've heard, and so even a single bit flip in a resource (icon)
> can defeat some of them.

Anti-virus programs have long since abandoned simple, whole-file matches,
for all of the obvious reasons.  Some even emulate execution of the file
to see what actually happens.  See http://en.wikipedia.org/wiki/Antivirus
(and of course its references) for details.

		--Steve Bellovin, https://www.cs.columbia.edu/~smb

More information about the cryptography mailing list