On Tue, 24 Aug 2004 at 06:18:50PM -0400, Matthew Palmer wrote: > > If I understand your postulate correctly: > > > > If I, the user, encrypt a message with algorithm X and the cipher text > > is intercepted by the attacker. The attacker can make his chances of > > brute forcing the text BETTER by encrypting my cipher text with algorithm > > Y. This simply does not hold up. > <snip>
> However, the weakness typically occurs when the same (or otherwise > equivalent or transformed) key is used for both algorithms. You don't so > much brute-force the text as the key in most attacks, and application of the > same (or equivalent) key multiple times often has the effect of weakening > the key's "secretness". This often occurs by being able to analyse the > resultant message and cutting out large swathes of keyspace to search based > on the properties of the ciphertext. Ahh...now we are talking apples to apples. Yes, the same key applied over different algorithms could create problems and provide easier crypt-analysis. I was under the impression we were talking about taking something and encrypting it with two different keys and two different algorithms. > So an attacker applying another algorithm after the fact, not knowing the > original key used (if he did, why would he need to break the ciphertext the > hard way?) is unlikely to make it any easier on himself. > > In the case of hashing algorithms, there's one 'key' involved -- the > plaintext -- and for password security, you don't need to retrieve the key > necessarily, just an equivalent one. There's no guarantee that XORing MD5 > and SHA-1 isn't going to produce something that is quite simple to generate > equivalent plaintext for, by, for example, making it mathematically > impossible for one bit in the resultant hash value to be a certain value > (because MD5 and SHA-1 always set the same bit to the same value given the > same input). That cuts your hash search space in half right there. I agree. There is value in maintaining two completely different data points by hashing the item with two functions though (but not XORing the result together). For example: EVEN IF hash1(x) == hash1(y), it is HIGHLY unlikely hash2(x) == hash2(y). Keeping a record of both hashes on hand provides value and strengthens your certainty of integrity on very large orders of magnitude. -- Phillip Hofmeister
pgpLWjIwGrvEX.pgp
Description: PGP signature
