[erlang-questions] wow: MD5 broken

Michal 'vorner' Vaner <>
Sun Dec 2 13:38:27 CET 2007


Hello

On Sun, Dec 02, 2007 at 12:47:00PM +0100, Michael Regen wrote:
> On Dec 2, 2007 12:55 AM, Toby Thain <> wrote:
> 
> > My point was that any *single* hash might one day be shown vulnerable
> > to a similar technique, but using two together (as is sometimes
> > already done) should be much more resistant?
> >
> 
> As A. Joux presents in "Multicollisions in Iterated Hash Functions.
> Application to Cascaded Constructions"
> http://www.springerlink.com/content/dwwvmqju0n0a3ugj/ this approach might be
> far less effective than one might think.
> 
> Just found this thread which tries to explain it a bit:
> https://lists.ubuntu.com/archives/bazaar/2007q1/021478.html. If you google
> you can find more and maybe better links which say that, yes, combining two
> hashes (md5 + sha1) improves the hash quality but not as much as if you used
> a good hash (sha256) from the beginning. Besides that, using two hash
> functions makes everything much more complex.
> And no, I am not able to follow the math completely either.

What is more complex, if instead of providing:
md5: abcd123456

you provide:
md5: abcd12456
sha1: bcdef1234

If one of them does not match, then it is not the file.

And, of course, you can add sha256, too, if you want. Just any number of
different hash functions. If someone cracks md5, you still have the
other one to see it, and it gives you time to replace md5.

-- 
The human mind ordinarily operates at only ten percent of its capacity
-- the rest is overhead for the operating system

Michal 'vorner' Vaner
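
Added example, not part of the original message or of the cited paper: a sketch of the multicollision idea from the Joux reference quoted above, showing why two iterated hashes listed together resist collisions far less than their combined length suggests. The two hashes here are constructed toy functions (SHA-256 truncated to 16 bits under the hypothetical tags "A" and "B"), chosen so the search finishes instantly; all names and sizes are assumptions for illustration.

```python
import hashlib
from itertools import product

BLOCK = 8  # toy block size in bytes (constructed for this demo)

def compress(tag, state, block, nbytes):
    """Toy compression function: SHA-256 truncated to nbytes (deliberately weak)."""
    return hashlib.sha256(tag + state + block).digest()[:nbytes]

def toy_hash(tag, msg, nbytes):
    """Iterated (Merkle-Damgard style) toy hash; no padding, inputs are whole blocks."""
    state = bytes(nbytes)
    for off in range(0, len(msg), BLOCK):
        state = compress(tag, state, msg[off:off + BLOCK], nbytes)
    return state

def block_collision(tag, state, nbytes):
    """Birthday search for two blocks mapping `state` to the same next state."""
    seen = {}
    i = 0
    while True:
        block = i.to_bytes(BLOCK, "big")
        out = compress(tag, state, block, nbytes)
        if out in seen:
            return seen[out], block, out
        seen[out] = block
        i += 1

def cascade_collision(n1=2, n2=2):
    """Find m1 != m2 that collide under toy hash A *and* toy hash B."""
    k = 4 * n2 + 4                      # 2^k candidates, well past B's birthday bound
    state, pairs = bytes(n1), []
    for _ in range(k):                  # k cheap collisions, chained one after another
        a, b, state = block_collision(b"A", state, n1)
        pairs.append((a, b))
    seen = {}
    for choice in product(*pairs):      # every choice has the same hash under A
        msg = b"".join(choice)
        digest = toy_hash(b"B", msg, n2)
        if digest in seen:
            return seen[digest], msg
        seen[digest] = msg
    return None

if __name__ == "__main__":
    m1, m2 = cascade_collision()
    print(m1.hex(), m2.hex())
    print(toy_hash(b"A", m1, 2).hex(), toy_hash(b"B", m1, 2).hex())
```

The demonstration concerns collision resistance only: k chained collisions in the first hash yield 2^k messages with one digest, and an ordinary birthday search among them breaks the second hash as well.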