[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: MD5 collisions found - alternative?

On 24 Aug 2004, Sam Vilain wrote:
> Robert Trebula wrote:
>> Maybe you have already noticed - collisions have been found in MD5
>> hashing algorithm:


> I think cryptanalysts have 'cracked' pretty much all of them, though
> with practically prohibitive costs of cracking them (eg, 2^50 for
> SHA-0).


> My personal thought is that you could make the hash more secure simply
> by running md5 and SHA1 (maybe pepper on another one for good luck) 
> across a single stream at the same time, and simply xor the resultant 
> hashes together.  You could pretty much add up the "cost" of the attacks 
> against the keys.

Be aware that this sort of technique "multi-encryption" technique can
lead to significant exposures when applied to traditional crypto; it can
produce results that allow a vastly simpler attack on the protected

I would not put my name to a recommendation about how to make a
cryptographic product or protocol "more secure" unless I had sufficient
background in the area to know the full implications of my recommended

If a joke is worth telling, it's worth telling once.
        -- Ollie MacNoonan

Reply to: