Edenprime

All-Zero Hash Calculator (free)


This simple application calculates the expected CRC32 (ITU-T V.42), MD5, SHA1 and SHA256 hash values for a specified length of all-zero data. The calculation of these values is accelerated to provide a result in approximately one second for data lengths of up to 2TB (two terabytes).

Reliable verification that a large data area contains only zeros is a recurring, non-trivial requirement within digital forensics, either to validate that there is no information within an area to be examined, or to validate that all data has been removed during wiping. While verification by inspection is viable for small data lengths, it is impracticable for large data areas, which may be gigabytes or even terabytes in size (such as a 'cleared' hard disk or partition). What is therefore needed is a simple, quick and forensically sound method to perform this verification.

One common suggestion is to perform a CRC across the data span. Most CRCs do not produce an all-zero result when calculated across all-zero data (in fact they are generally designed to avoid this). For those CRCs which do generate a zero result for all-zero data (such as CRC16 [kermit]), the result does not in itself validate that the calculation covered the entire data length, nor is the result secure against data tampering (the data upon which the calculation is being performed can easily be manipulated by a third party to contain desired data while still producing the zero checksum).

Since most forensic tools already include the capability to perform a hash (typically MD5, SHA1 or SHA256) across data areas of interest, the suggested methodology is to calculate the hash for the defined length of data using all-zero input values, and then compare this to the hash of the data under consideration. If the hash values match then the data area under consideration is confirmed as being all-zero, and the calculation is confirmed as having processed all bytes.
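The comparison described above, next to the CRC16 [kermit] weakness from the previous paragraph, as an added Python example (not the tool's own code, and without its acceleration: the zeros are simply streamed through `hashlib`, so it suits modest lengths only). The function names and the 4 KiB sample areas are constructed for this illustration.

```python
import hashlib
import io

CHUNK = 1 << 20  # 1 MiB buffer of zeros, reused for every update

def zero_hash(length, algo="sha256"):
    """Expected digest of `length` zero bytes (plain streaming, no acceleration)."""
    h = hashlib.new(algo)
    zeros = bytes(CHUNK)
    full, rest = divmod(length, CHUNK)
    for _ in range(full):
        h.update(zeros)
    h.update(zeros[:rest])
    return h.hexdigest()

def stream_hash(stream, algo="sha256"):
    """Digest of everything readable from `stream`, read in chunks."""
    h = hashlib.new(algo)
    while chunk := stream.read(CHUNK):
        h.update(chunk)
    return h.hexdigest()

def is_all_zero(stream, expected_length, algo="sha256"):
    """True only if the stream holds exactly expected_length bytes, all zero."""
    return stream_hash(stream, algo) == zero_hash(expected_length, algo)

def crc16_kermit(data):
    """CRC16 [kermit]: reflected polynomial 0x8408, initial value 0, no final XOR."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc

# Constructed sample areas (built for this example only)
SIZE = 4096
wiped = bytes(SIZE)                      # a correctly wiped area
short_read = bytes(SIZE - 512)           # a read that stopped one sector early
residue = bytearray(SIZE)                # leftover data, last two bytes adjusted
residue[100:108] = b"leftover"           # so that the CRC still comes out as zero
residue[SIZE - 2:] = crc16_kermit(bytes(residue[:SIZE - 2])).to_bytes(2, "little")
residue = bytes(residue)

if __name__ == "__main__":
    for name, area in (("wiped", wiped), ("short_read", short_read), ("residue", residue)):
        print(name, "crc16:", crc16_kermit(area),
              "hash match:", is_all_zero(io.BytesIO(area), SIZE))
```

All three areas produce a CRC16 [kermit] value of zero, but only the fully wiped area matches the expected all-zero hash for the stated length.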

This tool has therefore been created to quickly compute the expected MD5, SHA1 and SHA256 hash values for the defined length of all-zero data, and uses algorithm acceleration to calculate the required hashes in approximately one second for data sequences up to 2TB in length. The CRC32 value for the all-zero data is also calculated and provided since this is often used for a quick initial test, but as the CRC32 result is easily manipulated only the MD5/SHA1/SHA256 values are recommended for forensic use.

This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).