[Lzip-bug] Range_decoder omits internal error check
From: John Reiser
Subject: [Lzip-bug] Range_decoder omits internal error check
Date: Wed, 03 Dec 2008 17:35:38 -0800
User-agent: Thunderbird 2.0.0.18 (X11/20081119)

Hi,

In lzip-1.2-pre1/decoder.h there is a missing internal error check: a
successful decode of an LZMA stream must produce (0==Range_decoder.code).
All range coder+decoder pairs have this property. The final value
of the "accumulator" after a successful decode must equal
the initial value before the encode.

Because one of the significant claims for lzip is enhanced error checking
(such as the end-to-end CRC-32 check), I expect that lzip
does check the final value of the range decoder accumulator.

Also, the README file contains the claim:

    The chances of data corruption going undetected are microscopic,
    less than one chance in 4000 million for each file processed.

It is true that the chance of random errors being not detected
by CRC-32 is 2**-32. However, the claim is false because random errors
are not the only kind. A determined attacker (or severely broken hardware)
with access to at least 32 consecutive bits can corrupt the file arbitrarily,
yet still force CRC-32 to give the same checksum. Except for covering
slightly more end-to-end processing of the stream, lzip's use of CRC-32
is not much stronger than checking (0==Range_decoder.code), yet takes
much more time and space.

--
John Reiser, address@hidden
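
A minimal sketch of the accumulator check described in the message above, added here as an example; it is not lzip's code and not part of the original message. `Enc`, `Dec` and `round_trip` are hypothetical names, and the coder is a constructed LZMA-style binary range coder with a single adaptive context.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>
typedef std::vector<uint8_t> Bytes;
struct Enc {  // LZMA-style adaptive binary range encoder (constructed sketch)
  uint64_t low = 0; uint32_t range = 0xFFFFFFFFu, pending = 1; uint8_t cache = 0; Bytes out;
  void shift_low() {  // emit the top byte of low, propagating any carry
    if ((uint32_t)low < 0xFF000000u || (low >> 32) != 0) {
      uint8_t carry = (uint8_t)(low >> 32);
      do { out.push_back((uint8_t)(cache + carry)); cache = 0xFF; } while (--pending);
      cache = (uint8_t)(low >> 24);
    }
    ++pending; low = (low & 0x00FFFFFFu) << 8;
  }
  void bit(uint16_t &p, int b) {
    uint32_t bound = (range >> 11) * p;
    if (b == 0) { range = bound; p += (2048 - p) >> 5; }
    else { low += bound; range -= bound; p -= p >> 5; }
    while (range < (1u << 24)) { range <<= 8; shift_low(); }
  }
};

struct Dec {  // matching decoder; `code` is the accumulator the message refers to
  const Bytes &in; size_t pos = 0; uint32_t code = 0, range = 0xFFFFFFFFu;
  explicit Dec(const Bytes &s) : in(s) { for (int i = 0; i < 5; ++i) pull(); }
  void pull() { code = (code << 8) | (pos < in.size() ? in[pos] : 0u); ++pos; }
  int bit(uint16_t &p) {
    uint32_t bound = (range >> 11) * p; int b = code >= bound;
    if (b == 0) { range = bound; p += (2048 - p) >> 5; }
    else { code -= bound; range -= bound; p -= p >> 5; }
    while (range < (1u << 24)) { range <<= 8; pull(); }
    return b;
  }
};

struct Result { bool same_bits; uint32_t final_code; };
// Encode bits with one context, XOR `flip` into the last stream byte, decode again.
Result round_trip(const std::vector<int> &bits, uint8_t flip) {
  Enc e; uint16_t pe = 1024, pd = 1024; bool same = true;
  for (int b : bits) e.bit(pe, b);
  for (int i = 0; i < 5; ++i) e.shift_low();  // flush all of low
  e.out.back() ^= flip; Dec d(e.out);
  for (int b : bits) same = (d.bit(pd) == b) && same;
  return { same, d.code };  // an intact stream always ends with code == 0
}
int main() {  // constructed input: intact stream first, then last byte XOR 1
  std::vector<int> msg = {1,0,1,1,0,0,1,0,1,1,1,0,0,0,1,0};
  for (int f = 0; f < 2; ++f) { Result r = round_trip(msg, (uint8_t)f);
    std::printf("flip=%d same_bits=%d final_code=0x%08x\n", f, r.same_bits, (unsigned)r.final_code); }
}
```

For an all-zero input, setting the low bit of the last stream byte leaves every decoded bit unchanged, so a checksum over the decoded output cannot see the change while the accumulator check does.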