

CRC32 collisions - NZT73

Hello,
First I will apologise for my coding ability.  I am by no means a developer, but am trying - through endless books and web sites - to learn.  What I do have is a good understanding - I believe - of the theory behind CRC32 encryption, and as a result of a bet with a work colleague, have a request for some help :)<p>He has applied a password to a file, he has then given me the Password Checksum.  The challenge is for me to deliver to him an alternative password.  Now I know this is possible through many third party tools, but the challenge is that I write something to do it.<p>My understanding is that if I can write something that causes a CRC32 hash collision, I could apply that resultant string as a password, and it would work.<p>The file is a .PST file, and through reading, I understand that the password protection is very "docile".  While that may be the case, it is smarter than me.  I was hoping someone could help me come up with some code that would at least point me in the right direction :)<p>Oh lastly, I am focusing my efforts on learning C Sharp currently, but in a hope to get the foundations strong, progress is slow :)<p>Thank you in advance.
======
user24
My first port of call would be to perform a dictionary attack against the
hash. Then I'd move on to brute forcing. If there's a cryptographic attack
then that would be best, but I don't know enough about crc32 to say whether
that's possible.

Would you like some help writing dictionary/brute force code, or did you have
in mind an attack against the algorithm itself?

~~~
NZT73
To be honest, any help at all would be HUGELY appreciated. Ideally, I would
think an attack against the algorithm itself would be better, but what ever is
most efficient would do :) I have seen things like this :
<http://www.nirsoft.net/articles/pst_password_bug.html> written, and it makes
it sound so very straight forward.

~~~
user24
It looks like there are a variety of attacks against crc32 - eg
<http://skilinium.com/blog/downloads/CRC.pdf>

but that's all a bit above my head, and moreover is designed for attacking
very long inputs, eg binary files.

If you know it's a password, then something like this pseudocode should run
fast enough:

var crc32 = 'theHashGoesHere';

var wordsArray = readFile('someLargeDictionary.txt');

for(word in wordsArray) {

    
    
      if(crc32(word)==crc32) {
    
        print 'The password is '+word;
    
        break;
    
      }
    

}

Of course that will only work if the hash is a single word that exactly
matches one of the words in your dictionary. You can get a bit cleverer by
doing things like this:

var crc32 = 'theHashGoesHere';

var wordsArray = readFile('someLargeDictionary.txt');

for(word in wordsArray) {

    
    
      if(crc32(word)==crc32) {
    
        print 'The password is '+word;
    
        break;
    
      }
    
      if(crc32(lowercase(word)) == crc32) {
        print 'The password is '+lowercase(word);
        break;
      }
    
      if(crc32(uppercase(word)) == crc32) {
        print 'The password is '+uppercase(word);
        break;
      }
    
      for(num in [00-99]) {
        
        if(crc32(word+num) == crc32) {
    
          print 'The password is '+word+num;
    
        }
    
      }
    

}

and so on.

------
NZT73
To be honest, any help at all would be HUGELY appreciated. I have seen things
like this : <http://www.nirsoft.net/articles/pst_password_bug.html> written,
and it makes it sound so very straight forward.

------
nodata
Maybe this would be better posted on StackOverflow?

~~~
NZT73
Thanks for the heads up. I'll sort that out now :)

