On Dec 11, 2007 5:06 AM, Allen <[EMAIL PROTECTED]> wrote:
> What puzzles me in all this long and rather arcane discussion is
> why isn't the solution of using a double hash - MD5 *and* SHA
> whatever. The odds of find a double collision go way up.
>
> Some open source software people are already doing this. I've
> played around with the sample files that are out there and find
> an easy way to do this but I don't have either the horsepower or
> skill to be at all definitive.
>
> My gut tells me that using two processes that use different
> algorithms, even though compromised, will raise the bar so high
> that it would be secure for a long time.
>
> At my skill level and horsepower I can't find even a single way
> to do this with CRC32 and MD5. Granted, that certainly doesn't
> mean a whole lot.

Work has actually been done on this exact topic.

One link is here: http://cryptography.hyperlink.cz/2004/otherformats.html

I think there may be more; I'm not sure.


> But to take a real world example, a safety deposit box, the two
> keys have to work together to open the box. It really does not
> matter is one is a Yale and the other a combination, either one
> of which are easily compromised by themselves, but together you
> would have to find both at the same time to open the box, a lot
> tougher problem.
>
> Best,
>
> Allen
>
>
> Francois Grieu wrote:
> > [EMAIL PROTECTED] wrote:
> >
> >>  Dp := any electronic document submitted by some person, converted to its
> >>        canonical form
> >>  Cp := a electronic certificate irrefutably identifying the other person
> >>        submitting the document
> >>  Cn := certificate of the notary
> >>  Tn := timestamp of the notary
> >>  S() := signature of the notary
> >>
> >>  S( MD5(Tn || Dp || Cp || Cn) ).
> >
> > In this context, the only thing that guards agains an attack by
> > "some person" is the faint hope that she can't predict the Tn
> > that the notary will use for a Dp that she submits.
> >
> > That's because if Tn is known (including chosen) to "some person",
> > then (due to the weakness in MD5 we are talking about), she can
> > generate Dp and Dp' such that
> >   S( MD5(Tn || Dp || Cp || Cn) ) = S( MD5(Tn || Dp' || Cp || Cn) )
> > whatever Cp, Cn and S() are.
> >
> > If Tn was hashed after Dp rather than before, poof goes security.
> >
> >
> >   Francois Grieu
> >
> > ---------------------------------------------------------------------
> > The Cryptography Mailing List
> > Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
> >
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
>



-- 
mike
http://lets.coozi.com.au/

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to