silky wrote:
On Dec 11, 2007 5:06 AM, Allen <[EMAIL PROTECTED]> wrote:
What puzzles me in all this long and rather arcane discussion is
why isn't the solution of using a double hash - MD5 *and* SHA
whatever. The odds of find a double collision go way up.
Some open source software people are already doing this. I've
played around with the sample files that are out there and find
an easy way to do this but I don't have either the horsepower or
skill to be at all definitive.
My gut tells me that using two processes that use different
algorithms, even though compromised, will raise the bar so high
that it would be secure for a long time.
At my skill level and horsepower I can't find even a single way
to do this with CRC32 and MD5. Granted, that certainly doesn't
mean a whole lot.
Work has actually been done on this exact topic.
One link is here: http://cryptography.hyperlink.cz/2004/otherformats.html
I think there may be more; I'm not sure.
Thanks for the pointer. Very interesting and it proves that I
don't have the horsepower at this point. (Just wait until I build
that Microwulf! With the new quad core chips I should hit about
50 GigaFLOPS. And cheeep - less than 4K)
But my real point is that CRC32 while has only 2^16
possibilities, even SHA 1 with its degraded state has (IIRC) 2^55
and if we go to SHA 256 it has 2^256 possibilities.
Since MD5 and SHA 256 use two different algorithms the odds of
creating a double collision are tiny at this point.
So take your enhanced Tripwire like program and have it compute
two different hashes. Yes, you can create a collision in the MD5,
but can you also create a simultaneous collision in the SHA 256?
This is my point.
Best,
Allen
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
