[erlang-questions] wow: MD5 broken

Michael Regen <>
Sun Dec 2 17:48:14 CET 2007


On Dec 2, 2007 1:38 PM, Michal 'vorner' Vaner <> wrote:

> What is more complex, if instead of prowiding:
> md5: abcd123456
>
> you provide:
> md5: abcd12456
> sda1: bcdef1234
>
> If one of them does not match, then it is not the file.
>
> And, of course, you can add sha256, too, if you want. Just any number of
> different hash functions. If someone cracks md5, you still have the
> other one to see it and gives you time to replace md5.
>


Let me ask the question the other way around: Why do you want to use a
hashing schema which is less secure and requires more effort?

And of course you could always provide hashes from all known hash functions
currently known to be not broken. Does this really maximize security?
Theoretically yes. But in practice you would need to check all hashes in
order to benefit because one could be broken in the meanwhile. What if your
non-crypto-experts choose the simple way and just check one hash? ('...
because I already have md5.exe installed on my computer') Your hashing
schema would give them a much better chance to step into this trap.
How often can the weakest point in cryptography be found in osi layer 8
(human)?

Cheers,
Michael
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20071202/f3f6418f/attachment.html>


More information about the erlang-questions mailing list