[erlang-questions] wow: MD5 broken

Michael Regen michael.regen@REDACTED
Sun Dec 2 12:47:00 CET 2007

On Dec 2, 2007 12:55 AM, Toby Thain <toby@REDACTED> wrote:

> My point was that any *single* hash might one day be shown vulnerable
> to a similar technique, but using two together (as is sometimes
> already done) should be much more resistant?

As A. Joux presents in "Multicollisions in Iterated Hash Functions.
Application to Cascaded Constructions"
http://www.springerlink.com/content/dwwvmqju0n0a3ugj/ this approach might be
far less effective than one might think.

Just found this thread which tries to explain it a bit:
https://lists.ubuntu.com/archives/bazaar/2007q1/021478.html. If you google
you can find more and maybe better links which say that, yes, combining two
hashes (md5 + sha1) improves the hash quality but not as much as if you used
a good hash (sha256) from the beginning. Besides that, using two hash
functions makes everything much more complex.
And no, I am neither able to follow the math completely.

Some time ago I drew one conclusion for myself: I am no cryptography expert
therefore I have to strictly adhere to the paths real cryptography experts
have built. I should not draw my own conclusions. And one of the reversal
conclusions: Even if I was a cryptography expert I should wait for other
crypto experts to validate my new paths before I may follow them. Your
mileage may vary.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20071202/635a4df6/attachment.htm>

More information about the erlang-questions mailing list