Hash and salt collision

Question

I remember a guy telling me that if I let him change 4 bytes he can make a file have any checksum he wants (CRC-32).

I heard mention of salting a hash. I am wonderin

Answer 1

The attack (against CRC-32) is irrelevant if the hash you are using is not CRC-32 - MD5 and SHA-1 are not vulnerable to that kind of attack (yet).

The current attacks against MD5 are where an attacker creates two documents with the same hash.

Salts are used for password verification - they prevent an attacker performing an offline attack against the password database - each user's password has a salt attached to the plain-text before the hashing - then a pre-computed rainbow table of plaintext <-> hashed text is useless.