Re: [Gnu-arch-users] Re: MD5 is broken


From: Aaron Bentley
Subject: Re: [Gnu-arch-users] Re: MD5 is broken
Date: Wed, 16 Mar 2005 08:45:31 -0500
User-agent: Mozilla Thunderbird 0.6 (X11/20040530)

Karel Gardas wrote:
> Yes, I agree, but combining two hashes from which one is considered broken
> and one is considered weak these days is IMHO less secure than using one
> hash which is considered secure.

Even the reduced-rounds attacks on SHA-1 still require more rounds than MD5 ever required.

Combining two hashes is more secure than using one. If you rely on one, it may be broken.

If you rely on two hashes A and B, both must be broken, and the combination of them must be broken. That is, you must find two useful texts that produce the same hash using A, and produce the same hash using B.

So while it's definitely time to look at alternative hashes, I don't think it makes sense to migrate to just one. What if the new hash was cracked wide open, while no further progress was made on SHA-1?

Aaron
--
Aaron Bentley
Director of Technology
Panometrics, Inc.
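
The requirement described in the message above, that the same pair of texts must collide under hash A and under hash B, shown as an added example that is not part of the original post. It assumes 16-bit truncations of MD5 and SHA-1 as toy stand-ins so that a generic birthday search finishes quickly; the function names are hypothetical, and it models only brute-force search, not the structural attacks on either hash.

```python
import hashlib
from itertools import count

TRUNC_BYTES = 2  # constructed toy size: keep 16 bits of each digest


def short(name, data):
    """Truncated digest of `data` under the hashlib algorithm `name`."""
    return hashlib.new(name, data).digest()[:TRUNC_BYTES]


def hash_a(data):
    return short("md5", data)


def hash_b(data):
    return short("sha1", data)


def hash_ab(data):
    """Combined check: both truncated digests must match."""
    return hash_a(data) + hash_b(data)


def find_collision(hash_fn, prefix=b"text-"):
    """Birthday search over prefix+counter; returns (m1, m2, messages_tried)."""
    seen = {}
    for i in count():
        msg = prefix + str(i).encode()
        digest = hash_fn(msg)
        if digest in seen:
            return seen[digest], msg, i + 1
        seen[digest] = msg


if __name__ == "__main__":
    m1, m2, n_a = find_collision(hash_a)
    print("A collides after", n_a, "messages:", m1, m2)
    print("same pair passes the combined check:", hash_ab(m1) == hash_ab(m2))
    c1, c2, n_ab = find_collision(hash_ab)
    print("A and B collide together after", n_ab, "messages:", c1, c2)
```

A verifier that stores both digests rejects the pair that collides only under A; the second search shows how much further the same enumeration has to run before one pair satisfies both checks.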



