On Dec 11, 2007 5:06 AM, Allen <[EMAIL PROTECTED]> wrote: > What puzzles me in all this long and rather arcane discussion is > why isn't the solution of using a double hash - MD5 *and* SHA > whatever. The odds of find a double collision go way up. > > Some open source software people are already doing this. I've > played around with the sample files that are out there and find > an easy way to do this but I don't have either the horsepower or > skill to be at all definitive. > > My gut tells me that using two processes that use different > algorithms, even though compromised, will raise the bar so high > that it would be secure for a long time. > > At my skill level and horsepower I can't find even a single way > to do this with CRC32 and MD5. Granted, that certainly doesn't > mean a whole lot.
Work has actually been done on this exact topic. One link is here: http://cryptography.hyperlink.cz/2004/otherformats.html I think there may be more; I'm not sure. > But to take a real world example, a safety deposit box, the two > keys have to work together to open the box. It really does not > matter is one is a Yale and the other a combination, either one > of which are easily compromised by themselves, but together you > would have to find both at the same time to open the box, a lot > tougher problem. > > Best, > > Allen > > > Francois Grieu wrote: > > [EMAIL PROTECTED] wrote: > > > >> Dp := any electronic document submitted by some person, converted to its > >> canonical form > >> Cp := a electronic certificate irrefutably identifying the other person > >> submitting the document > >> Cn := certificate of the notary > >> Tn := timestamp of the notary > >> S() := signature of the notary > >> > >> S( MD5(Tn || Dp || Cp || Cn) ). > > > > In this context, the only thing that guards agains an attack by > > "some person" is the faint hope that she can't predict the Tn > > that the notary will use for a Dp that she submits. > > > > That's because if Tn is known (including chosen) to "some person", > > then (due to the weakness in MD5 we are talking about), she can > > generate Dp and Dp' such that > > S( MD5(Tn || Dp || Cp || Cn) ) = S( MD5(Tn || Dp' || Cp || Cn) ) > > whatever Cp, Cn and S() are. > > > > If Tn was hashed after Dp rather than before, poof goes security. > > > > > > Francois Grieu > > > > --------------------------------------------------------------------- > > The Cryptography Mailing List > > Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED] > > > > --------------------------------------------------------------------- > The Cryptography Mailing List > Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED] > -- mike http://lets.coozi.com.au/ --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
