
Re: MD5 collisions found - alternative?



Robert Trebula wrote:

> Maybe you have already noticed - collisions have been found in the MD5 hashing algorithm:
> http://eprint.iacr.org/2004/199.pdf
> http://www.freedom-to-tinker.com/archives/000664.html
> http://www.unixwiz.net/techtips/iguide-crypto-hashes.html
> My question is: Is there an easy way to make my debian sid installation use something else (better) than md5 for various things? Namely SHA-1 with some longer output in PAM.


I think cryptanalysts have 'cracked' pretty much all of them, though with practically prohibitive costs of cracking them (e.g., 2^50 for SHA-0).

http://www.mail-archive.com/cryptography@metzdowd.com/msg02554.html
http://www.freedom-to-tinker.com/archives/000661.html


However, a 2^50 chance, as opposed to the ideal 2^160, still strikes me as pretty good chances. Maybe I'm just not paranoid enough to be a cryptographer ;-).

My personal thought is that you could make the hash more secure simply by running md5 and SHA1 (maybe pepper on another one for good luck) across a single stream at the same time, and simply xor the resultant hashes together. You could pretty much add up the "cost" of the attacks against the keys. An exploration of this approach has just been uploaded to CPAN as Digest::SV1. It's at:

 http://search.cpan.org/dist/Digest-SV1

Sam.
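The construction Sam describes above (feed one stream to MD5 and SHA-1 in lockstep, then XOR the two digests), as an added example that is not part of the original message and is not the code of Digest::SV1. Since MD5 yields 16 bytes and SHA-1 yields 20, the example assumes the shorter digest is zero-padded on the right before the XOR; the class and function names are likewise assumptions made here, and the sample input is constructed.

```python
import hashlib
from typing import Iterable

# Added example (not from the thread or from Digest::SV1): run several
# hashes over the same byte stream and XOR their outputs into one digest.
# Assumption: digests shorter than the longest one are zero-padded on the
# right, so with MD5 + SHA-1 the last four output bytes are SHA-1 alone.


class XorCombinedDigest:
    """Streaming digest that updates every member hash with each chunk."""

    def __init__(self, algorithms: Iterable[str] = ("md5", "sha1")) -> None:
        self._hashes = [hashlib.new(name) for name in algorithms]
        # Output length is that of the longest member digest (assumption).
        self.digest_size = max(h.digest_size for h in self._hashes)

    def update(self, data: bytes) -> None:
        # One pass over the input feeds all member hashes at once.
        for h in self._hashes:
            h.update(data)

    def digest(self) -> bytes:
        out = bytearray(self.digest_size)  # starts as zeros: implicit padding
        for h in self._hashes:
            for i, b in enumerate(h.digest()):
                out[i] ^= b
        return bytes(out)

    def hexdigest(self) -> str:
        return self.digest().hex()


def xor_digest_streamed(data: bytes, chunk_size: int = 7) -> str:
    """Hash `data` in small chunks to exercise the streaming path."""
    h = XorCombinedDigest()
    for i in range(0, len(data), chunk_size):
        h.update(data[i:i + chunk_size])
    return h.hexdigest()


def xor_digest_oneshot(data: bytes) -> str:
    """Same digest computed from the whole input at once, for comparison."""
    h = XorCombinedDigest()
    h.update(data)
    return h.hexdigest()


if __name__ == "__main__":
    sample = b"abc"  # constructed input; its MD5 and SHA-1 are the standard test vectors
    print("md5     ", hashlib.md5(sample).hexdigest())
    print("sha1    ", hashlib.sha1(sample).hexdigest())
    print("xor mix ", xor_digest_oneshot(sample))
    print("streamed", xor_digest_streamed(sample))
```

For the input `abc`, the first 16 bytes of the output are the byte-wise XOR of MD5("abc") and SHA-1("abc"), and the trailing four bytes are the tail of the SHA-1 digest unchanged; feeding the same input in chunks gives the same result as one call to `update`.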


