[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: MD5 collisions found - alternative?

On 25 Aug 2004, Matthew Palmer wrote:
> On Tue, Aug 24, 2004 at 12:20:24PM -0400, Phillip Hofmeister wrote:
>> On Tue, 24 Aug 2004 at 10:50:38AM -0400, Daniel Pittman wrote:
>>> Be aware that this sort of technique "multi-encryption" technique can
>>> lead to significant exposures when applied to traditional crypto; it can
>>> produce results that allow a vastly simpler attack on the protected
>>> information.
>>> I would not put my name to a recommendation about how to make a
>>> cryptographic product or protocol "more secure" unless I had sufficient
>>> background in the area to know the full implications of my recommended
>>> actions.
>> If I understand your postulate correctly:
>> If I, the user, encrypt a message with algorithm X and the cipher text
>> is intercepted by the attacker.  The attacker can make his chances of
>> brute forcing the text BETTER by encrypting my cipher text with algorithm
>> Y.  This simply does not hold up.
> For random values of X and Y, you are correct, there is no reason to assume
> that you will get an easier time of it.  However, there are plenty of
> examples where (for instance) applying the same algorithm N times
> does not produce N times the security, or even the same level of security. 
> The same adverse interaction occurs when you mix different algorithms.


> It's those sorts of tricky interactions (which aren't immediately obvious)
> which I'm sure led Daniel to warn of the dangers of simplistic "security
> upgrades".

Matt is entirely correct in his statements - this is *precisely* the
issue that I am concerned with.

I cannot say that "SHA1(f) xor MD5(f)" is weaker or stronger than either
of those two on their own, because I don't know cryptographic algorithm
design well enough.

It is very hard to design a good cryptographic algorithm, though, and
even harder to build a useful cryptographic system around a good

To quote from memory, unless you happen to be Bruce Schneier you
probably can't design a secure cryptographic system on the back of a
napkin, and you are almost certainly better off not trying. :)

Crying loud, you're crawling on the floor
Just a beautiful baby, You're nothing more
        -- Switchblade Symphony, _Clown_

Reply to: