Re: MD5 collisions found - alternative?
On 24 Aug 2004, Sam Vilain wrote:
> Robert Trebula wrote:
>
>> Maybe you have already noticed - collisions have been found in MD5
>> hashing algorithm:
[...]
> I think cryptanalysts have 'cracked' pretty much all of them, though
> with practically prohibitive costs of cracking them (eg, 2^50 for
> SHA-0).
[...]
> My personal thought is that you could make the hash more secure simply
> by running md5 and SHA1 (maybe pepper on another one for good luck)
> across a single stream at the same time, and simply xor the resultant
> hashes together. You could pretty much add up the "cost" of the attacks
> against the keys.
Be aware that this sort of technique "multi-encryption" technique can
lead to significant exposures when applied to traditional crypto; it can
produce results that allow a vastly simpler attack on the protected
information.
I would not put my name to a recommendation about how to make a
cryptographic product or protocol "more secure" unless I had sufficient
background in the area to know the full implications of my recommended
actions.
Regards,
Daniel
--
If a joke is worth telling, it's worth telling once.
-- Ollie MacNoonan
Reply to: