request for comments on rsp32 checksum

Question

This source code was based on adler32

It aparently provides the same level of security of crc32 but 50 % faster

If it has a flaw can someone show to me where is the flaw and why it is better to stay with crc32 ?

It is not easy to find data collisions in the same level as crc32, at least in my tests

unsigned int rsp32 (unsigned int adler, const unsigned char *buf, unsigned int len)
{
     uchar  s1 = adler & 0xff;
     uchar  s2 = (adler >> 8) & 0xff;
     uchar  s3 = (adler >> 16) & 0xff;
     uchar  s4 = (adler >> 24) & 0xff;
     int    svansa = 0;
     int    ok12 = len;

     if (buf == NULL)
       {
        return 1L;
       }

     while (ok12)
       {
        s1 += buf[svansa++];
        s2 += s1;
        s3 += s2;
        s4 += s3;
        ok12--;
       }

     return s1 + (s2 << 8) + (s3 << 16) + (s4 << 24);
}

Answer 1

It sure does provide the same level of security as crc32, which is "no security at all". CRC and ADLER checksum are not cryptographic hashes, and they are not designed to withstand deliberate attack. They're designed to guard against inadvertant errors, like line noise, and that's all.

Having said that, it looks like a reasonable checksum.