Re: MD5 collisions found - alternative?

To: debian-security@lists.debian.org
Subject: Re: MD5 collisions found - alternative?
From: Phillip Hofmeister <plhofmei@antiochcomputerconsulting.com>
Date: Tue, 24 Aug 2004 12:20:24 -0400
Message-id: <[🔎] 20040824162024.GA6569@antiochcomputerconsulting.com>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 87pt5gio8x.fsf@enki.rimspace.net>
References: <[🔎] 412B14D7.2080300@deepblue.sk> <[🔎] 412B417D.4060800@securaserv.com> <[🔎] 87pt5gio8x.fsf@enki.rimspace.net>

On Tue, 24 Aug 2004 at 10:50:38AM -0400, Daniel Pittman wrote:
> Be aware that this sort of technique "multi-encryption" technique can
> lead to significant exposures when applied to traditional crypto; it can
> produce results that allow a vastly simpler attack on the protected
> information.
> 
> I would not put my name to a recommendation about how to make a
> cryptographic product or protocol "more secure" unless I had sufficient
> background in the area to know the full implications of my recommended
> actions.

If I understand your postulate correctly:

If I, the user, encrypt a message with algorithm X and the cipher text
is intercepted by the attacker.  The attacker can make his chances of
brute forcing the text BETTER by encrypting my cipher text with algorithm
Y.  This simply does not hold up.

-- 
Phillip Hofmeister

Reply to:

Follow-Ups:
- Re: MD5 collisions found - alternative?
  - From: Matthew Palmer <mpalmer@debian.org>

References:
- MD5 collisions found - alternative?
  - From: Robert Trebula <r0b0@deepblue.sk>
- Re: MD5 collisions found - alternative?
  - From: Sam Vilain <sam@securaserv.com>
- Re: MD5 collisions found - alternative?
  - From: Daniel Pittman <daniel@rimspace.net>

Prev by Date: Re: sshd: Logging illegal users
Next by Date: Re: apt 0.6 and how it does *not* solve the problem
Previous by thread: Re: MD5 collisions found - alternative?
Next by thread: Re: MD5 collisions found - alternative?
Index(es):
- Date
- Thread