Welcome to the wolfSSL Forums!

gussabina · 2018-06-20 12:27:02

gussabina
Member
Offline

Registered: 2017-07-02
Posts: 24

Topic: Using MD5 vs SHA-2 for firmware image integrity check

Hello:
I'm using WolfSSL 3.9 and TLS1.2 running on a Cortex M4 @ 120MHz. Also using ATMEL ATECC508A crypto chip.

I'm downloading firmware to the flash and I need to verify image integrity. I was thinking on using Hash algorithm to verify the integrity. Should I use MD5 (deprecated) instead of SHA-256/512 to have better performance? Since this is an integrity check, I thought using MD5 wouldn't be a problem... Is this correct? Any advise?

Note: firmware image size is ~ 300KBytes.

Thanks
Gus

Kaleb J. Himes · 2018-06-21 09:56:44

Kaleb J. Himes
Moderator
Offline

From: Bozeman
Registered: 2014-05-09
Posts: 777

Re: Using MD5 vs SHA-2 for firmware image integrity check

Hi gussabina,

Thanks for using the wolfSSL forums!

The weakness in MD5 is due to lack of collision resistance not pre-image based attacks and the speed of the algorithm (it's fast). This makes it extremely easy to generate and compare millions of hashes quickly so if you're using MD5 to hash a password it's generally bad. If however you are hashing a FILE (such as firmware) it would be computationally impractical for a malicious user to try and reproduce your firmware bit-for-bit and try to match the hash. Furthermore he would have to control your file to reproduce the hash, if he did not influence it's creation the collision attack would not work.

That being said the community does tend to encourage users to migrate away from MD5, currently preferring SHA256, SHA3, or SHA512 (or one of the truncated versions of those). Ultimately the choice is yours.

Warm Regards,

Kaleb

gussabina · 2018-06-22 14:25:42

gussabina
Member
Offline

Registered: 2017-07-02
Posts: 24

Re: Using MD5 vs SHA-2 for firmware image integrity check

Thanks, Kaleb.

BTW, is MD5 supported in wolfSSL? I'm using v. 3.9 and I only found MD2.c in the files...

Thanks
Gus

Kaleb J. Himes · 2018-06-22 15:03:52

Kaleb J. Himes
Moderator
Offline

From: Bozeman
Registered: 2014-05-09
Posts: 777

Re: Using MD5 vs SHA-2 for firmware image integrity check

Hi Guassabina,

MD5 was first added to wolfSSL in 2011 and release 3.9 went out in 2016 so yes the file <wolfssl-root>/wolfcrypt/src/md5.c should exist in that version!

Warm Regards,

- Kaleb

Kaleb J. Himes · 2018-06-22 15:03:54

Kaleb J. Himes
Moderator
Offline

From: Bozeman
Registered: 2014-05-09
Posts: 777

Re: Using MD5 vs SHA-2 for firmware image integrity check

Hi Guassabina,

MD5 was first added to wolfSSL in 2011 and release 3.9 went out in 2016 so yes the file <wolfssl-root>/wolfcrypt/src/md5.c should exist in that version!

Warm Regards,

- Kaleb

Welcome to the wolfSSL Forums!

Using MD5 vs SHA-2 for firmware image integrity check

Posts: 5

1 Topic by gussabina 2018-06-20 12:27:02 (edited by gussabina 2018-06-20 12:28:48)

Topic: Using MD5 vs SHA-2 for firmware image integrity check

2 Reply by Kaleb J. Himes 2018-06-21 09:56:44

Re: Using MD5 vs SHA-2 for firmware image integrity check

3 Reply by gussabina 2018-06-22 14:25:42

Re: Using MD5 vs SHA-2 for firmware image integrity check

4 Reply by Kaleb J. Himes 2018-06-22 15:03:52

Re: Using MD5 vs SHA-2 for firmware image integrity check

5 Reply by Kaleb J. Himes 2018-06-22 15:03:54

Re: Using MD5 vs SHA-2 for firmware image integrity check

Posts: 5