Re: MD5 collisions found - alternative?
On 25 Aug 2004, Matthew Palmer wrote:
> On Tue, Aug 24, 2004 at 12:20:24PM -0400, Phillip Hofmeister wrote:
>> On Tue, 24 Aug 2004 at 10:50:38AM -0400, Daniel Pittman wrote:
>>> Be aware that this sort of "multi-encryption" technique can
>>> lead to significant exposures when applied to traditional crypto; it can
>>> produce results that allow a vastly simpler attack on the protected
>>> information.
>>>
>>> I would not put my name to a recommendation about how to make a
>>> cryptographic product or protocol "more secure" unless I had sufficient
>>> background in the area to know the full implications of my recommended
>>> actions.
>>
>> If I understand your postulate correctly:
>>
>> If I, the user, encrypt a message with algorithm X and the cipher text
>> is intercepted by the attacker. The attacker can make his chances of
>> brute forcing the text BETTER by encrypting my cipher text with algorithm
>> Y. This simply does not hold up.
>
> For random values of X and Y, you are correct, there is no reason to assume
> that you will get an easier time of it. However, there are plenty of
> examples where (for instance) applying the same algorithm N times
> does not produce N times the security, or even the same level of security.
> The same adverse interaction occurs when you mix different algorithms.
[...]
> It's those sorts of tricky interactions (which aren't immediately obvious)
> which I'm sure led Daniel to warn of the dangers of simplistic "security
> upgrades".

Matt is entirely correct in his statements - this is *precisely* the
issue that I am concerned with.

I cannot say that "SHA1(f) xor MD5(f)" is weaker or stronger than either
of those two on their own, because I don't know cryptographic algorithm
design well enough.

It is very hard to design a good cryptographic algorithm, though, and
even harder to build a useful cryptographic system around a good
algorithm.

To quote from memory, unless you happen to be Bruce Schneier you
probably can't design a secure cryptographic system on the back of a
napkin, and you are almost certainly better off not trying. :)

Regards,
Daniel
--
Crying loud, you're crawling on the floor
Just a beautiful baby, You're nothing more
-- Switchblade Symphony, _Clown_
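
An added illustration of the point made in the thread, not part of the original message or written by its participants: with a toy affine cipher over bytes, two passes under different keys collapse to one pass under a single key, and repeating-key XOR applied twice with the same key returns the plaintext. Both toy ciphers, the key values and all function names are assumptions chosen for the demonstration.

```python
# Added example: toy ciphers chosen to show how stacking passes can add nothing.
from math import gcd

M = 256  # both toy ciphers work byte by byte

def affine_encrypt(data, key):
    """Toy affine cipher: c = (a*p + b) mod 256; a must be odd to be invertible."""
    a, b = key
    if gcd(a, M) != 1:
        raise ValueError("multiplier must be coprime to 256")
    return bytes((a * p + b) % M for p in data)

def compose_keys(k1, k2):
    """Return the single key equal to encrypting with k1 and then with k2."""
    (a1, b1), (a2, b2) = k1, k2
    # a2*(a1*p + b1) + b2 = (a2*a1)*p + (a2*b1 + b2)
    return ((a2 * a1) % M, (a2 * b1 + b2) % M)

def xor_encrypt(data, key):
    """Toy repeating-key XOR cipher."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(p ^ key[i % len(key)] for i, p in enumerate(data))

def reachable_keys(k1):
    """All single keys reachable as 'k1 then k2' over every valid k2."""
    return {compose_keys(k1, (a, b)) for a in range(1, M, 2) for b in range(M)}

if __name__ == "__main__":
    msg = b"constructed sample message"   # constructed input
    k1, k2 = (5, 17), (11, 200)           # constructed keys
    double = affine_encrypt(affine_encrypt(msg, k1), k2)
    single = affine_encrypt(msg, compose_keys(k1, k2))
    # Two passes equal one pass under the composed key.
    print("double == single:", double == single)
    # The set of mappings reachable with two passes is no larger than with one.
    print("keyspace after two passes:", len(reachable_keys(k1)), "of", 128 * M)
    # Same key twice: the second pass undoes the first.
    xkey = b"k3y"
    print("xor twice == plaintext:", xor_encrypt(xor_encrypt(msg, xkey), xkey) == msg)
```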