The CRC32 algorithm is a member of the CRC family, namely the 32-bit version. 32-bit refers to the length of the checksum returned by the function. While less secure than, for instance, an MD5 checksum, the CRC32 algorithm is still very fast and good in that is highly numerically unstable. Originally, it was implemented in a serial fashion using simple register shift operations, but modern implementations tend to be parallell and thus approximately ten times faster.

The CRC32 algorithm is used in the zip compression system, and during the mid-nineties it was ubiquitous in z-modem implementations. For a good while this was the only places where you would see it as a non-programmer, but the last few years have seen it being used in the many SFV, or Simple File Validator, programs used in the piracy scene.

It should be noted that the different variations of CRC32 are not necessarily compatible, e.g. java.util.zip.CRC32 is not compatible with SFV or the freeware Java implementation floating around the net.

Using CRC32 for hashing passwords is a very bad idea. The reason is that, although CRC32 is numerically unstable, it is possible to recover information about the input. A better choice would be to use MD5 or SHA-1, but you should probably also use a salt to make it more secure against dictionary attacks.

For a good example, and more information, read section 5 in the document "The Breaking of Cyber Patrol 4", easily found on the WWW.

Log in or register to write something here or to contact authors.