Yes, I agree, but combining two hashes, of which one is considered broken and one is considered weak these days, is IMHO less secure than using one hash which is considered secure.
Even the reduced-rounds attacks on SHA-1 still require more rounds than MD5 ever required.
Combining two hashes is more secure than using one. If you rely on one, it may be broken.
If you rely on two hashes A and B, both must be broken, and the combination of them must be broken. That is, you must find two useful texts that produce the same hash using A, and produce the same hash using B.
So while it's definitely time to look at alternative hashes, I don't think it makes sense to migrate to just one. What if the new hash was cracked wide open, while no further progress was made on SHA-1?
Aaron
--
Aaron Bentley
Director of Technology
Panometrics, Inc.

_______________________________________________
Gnu-arch-users mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/gnu-arch-users
GNU arch home page: http://savannah.gnu.org/projects/gnu-arch/
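The argument in the post above, that a pair of texts which collides under hash A alone does not collide under the combination A||B, can be made concrete in a toy model. The following is an added example, not part of the mailing-list thread and not arch's own code: MD5 and SHA-1 are truncated to a few bytes (a constructed weakening, so that collisions can be found by brute force in well under a second) and a birthday search is run against A, and against A||B, over constructed messages of the form `msg-N`. The function names (`trunc_md5`, `trunc_sha1`, `combined`, `birthday_collision`, `collides_in`, `demo`) are this example's own.

```python
"""Toy model of the 'both hashes must be broken' argument.

Constructed example: MD5 and SHA-1 are truncated to `nbytes` bytes so that
collisions can be found by brute force quickly.  The real functions are used
only to get hash-like behaviour; nothing here says anything about the
strength of full-length MD5 or SHA-1.
"""
import hashlib
import itertools


def trunc_md5(data: bytes, nbytes: int = 2) -> bytes:
    """Truncated MD5, standing in for hash A (the one assumed breakable)."""
    return hashlib.md5(data).digest()[:nbytes]


def trunc_sha1(data: bytes, nbytes: int = 2) -> bytes:
    """Truncated SHA-1, standing in for hash B."""
    return hashlib.sha1(data).digest()[:nbytes]


def combined(data: bytes, nbytes: int = 2) -> bytes:
    """A||B: the concatenated identifier the post argues for."""
    return trunc_md5(data, nbytes) + trunc_sha1(data, nbytes)


def birthday_collision(h, nbytes: int):
    """Generic birthday search over constructed messages b'msg-0', b'msg-1', ...

    Returns (m1, m2, attempts): two distinct messages with
    h(m1, nbytes) == h(m2, nbytes), plus the number of hash evaluations used.
    For an output of k bytes the expected cost is roughly 2**(4*k)
    evaluations, so doubling the output length squares the work.
    """
    seen = {}
    for i in itertools.count():
        m = b"msg-%d" % i
        d = h(m, nbytes)
        if d in seen:
            return seen[d], m, i + 1
        seen[d] = m


def collides_in(m1: bytes, m2: bytes, nbytes: int = 2) -> dict:
    """Report under which of A, B and A||B the pair (m1, m2) collides.

    By construction A||B collides exactly when both A and B collide, which is
    the "must find two texts that produce the same hash using A, and the same
    hash using B" condition from the post.
    """
    return {
        "A": trunc_md5(m1, nbytes) == trunc_md5(m2, nbytes),
        "B": trunc_sha1(m1, nbytes) == trunc_sha1(m2, nbytes),
        "A||B": combined(m1, nbytes) == combined(m2, nbytes),
    }


def demo(nbytes: int = 2) -> dict:
    """Find a collision for A alone and for A||B; return both with their costs."""
    a1, a2, cost_a = birthday_collision(trunc_md5, nbytes)
    c1, c2, cost_ab = birthday_collision(combined, nbytes)
    return {
        "A_pair": collides_in(a1, a2, nbytes), "cost_A": cost_a,
        "AB_pair": collides_in(c1, c2, nbytes), "cost_AB": cost_ab,
    }


if __name__ == "__main__":
    r = demo()
    print("collision for A alone:", r["A_pair"], "after", r["cost_A"], "hashes")
    print("collision for A||B:   ", r["AB_pair"], "after", r["cost_AB"], "hashes")
```

In this toy model the A||B collision costs roughly the square of the A collision, because the two truncated hashes behave like independent random functions. That intuition does not carry over to full-length iterated hashes: Joux's 2004 multicollision result shows that for two Merkle-Damgård hashes such as MD5 and SHA-1, a collision on A||B costs an attacker only a little more than a collision on the stronger of the two, not the product of the two efforts. The combination is therefore no weaker than the stronger component, but the "both must be broken" argument buys less than the toy numbers suggest.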
