[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: MD5 collisions found - alternative?

Robert Trebula wrote:

Maybe you have already noticed - collisions have been found in MD5 hashing algorithm:
My question is: Is there an easy way to make my debian sid installation use something else (better) than md5 for various things? Namely SHA-1 with some longer output in PAM.

I think cryptanalysts have 'cracked' pretty much all of them, though with practically prohibitive costs of cracking them (eg, 2^50 for SHA-0).


However, a 2^50 chance, as opposed to the ideal 2^160 still strikes me as pretty good chances. Maybe I'm just not paranoid enough to be a cryptographer ;-).

My personal thought is that you could make the hash more secure simply by running md5 and SHA1 (maybe pepper on another one for good luck) across a single stream at the same time, and simply xor the resultant hashes together. You could pretty much add up the "cost" of the attacks against the keys. An exploration of this approach has just been uploaded to CPAN as Digest::SV1. It's at;



Reply to: