This suggestion reminds me of a story:

In the NESSIE project (European project to evaluate various cryptographic
primitives) we received a candidate named Whirlpool - hash function of
512-bit digest.

Its optimized code was so slow that someone wrote about Whirlpool:
while you hash with whirlpool, you could hash in SHA-1, MD5, tiger,
SHA-256 concatenate the results, get a faster implementation, and you'll
get more bits in the digest.

This is true, but has no meaning. A paper to be presented tomorrow in
Santa Barbara by Antoine Joux (who found the collision in SHA-0), explains
that to attack such a scheme:
h(x) = SHA-1(x) || MD5(x)
is as hard as breaking the harder of the two (under birthday
attacks).
So a generic attack of finding collisions in SHA-1(x)||MD5(x) requires
only 2^80 computations (and not 2^160 as one might expect).
Also, it is very likely that if the SHA-1 results are obtained by
methods similar to the ones of MD5, then his ideas will also be applicable
to the new attacks.


On Tue, 17 Aug 2004, Oron Peled wrote:

> On Tuesday 17 August 2004 14:56, Orr Dunkelman wrote:
> > AFAIK, Eli (my advisor) is working for quite some time on this.
> >
> > I hope he'll succeed.
> >
> > When this happens - use tiger.
>
> But could it be that messages with same MD5 and messages
> with same SHA1 do not have an intersection?
>
> If so, then it may be easier to compute MD5 + SHA1 for each
> protected tarball (or ISO).
>
>

-- 
Orr Dunkelman,
[EMAIL PROTECTED]

"Any human thing supposed to be complete, must for that reason infallibly
be faulty" -- Herman Melville, Moby Dick.

Spammers: http://vipe.technion.ac.il/~orrd/spam.html
GPG fingerprint: C2D5 C6D6 9A24 9A95 C5B3  2023 6CAB 4A7C B73F D0AA
(This key will never sign Emails, only other PGP keys.)
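
The multicollision argument mentioned in the message above, carried out on toy hashes, as an added example that is not part of the original e-mail. F and G are iterated hashes built from SHA-256 truncated to 24 and 16 bits (constructed parameters; `compress`, `md_hash`, `block_collision`, `joux_collision` and `concat_hash` are illustrative names, and length padding is omitted because all messages have equal length). Twelve chained block collisions in F yield 2^12 messages with one F digest, and a birthday search among them finds a pair that also collides in G, far below the roughly 2^20 work a generic birthday search on 40 bits would need.

```python
import hashlib
from itertools import product

def compress(tag, state, block, nbytes):
    """Toy compression function: SHA-256 truncated to nbytes (constructed)."""
    return hashlib.sha256(tag + state + block).digest()[:nbytes]

def md_hash(tag, blocks, nbytes):
    """Iterated (Merkle-Damgard style) hash over a list of blocks."""
    state = bytes(nbytes)
    for block in blocks:
        state = compress(tag, state, block, nbytes)
    return state

def block_collision(tag, state, nbytes):
    """Birthday search for two distinct blocks that collide from `state`."""
    seen = {}
    i = 0
    while True:
        block = i.to_bytes(4, "big")
        out = compress(tag, state, block, nbytes)
        if out in seen:
            return seen[out], block, out
        seen[out] = block
        i += 1

def joux_collision(f_bytes=3, g_bytes=2, k=12):
    """Collide F(x)||G(x): k chained collisions in F, then a birthday in G."""
    state, pairs = bytes(f_bytes), []
    for _ in range(k):
        a, b, state = block_collision(b"F", state, f_bytes)
        pairs.append((a, b))
    seen = {}
    for choice in product(*pairs):   # all 2^k messages share one F digest
        g = md_hash(b"G", choice, g_bytes)
        if g in seen:
            return list(seen[g]), list(choice)
        seen[g] = choice
    return None                      # not expected for k=12 and a 16-bit G

def concat_hash(blocks, f_bytes=3, g_bytes=2):
    """The concatenated construction h(x) = F(x) || G(x)."""
    return md_hash(b"F", blocks, f_bytes) + md_hash(b"G", blocks, g_bytes)

if __name__ == "__main__":
    m1, m2 = joux_collision()
    print(b"".join(m1).hex(), b"".join(m2).hex(), concat_hash(m1).hex())
```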
