Orr Dunkelman wrote:
This is true, but has no meaning. A paper to be presented tomorrow in Santa Barbara by Antoine Joux (who found the collision in SHA-0), explains that to attack such a scheme: h(x) = SHA-1(x) || MD5(x) is as hard as breaking the harder between the two (under birthday attacks). So a generic attack of finding collisions in SHA-1(x)||MD5(x) requires only 2^80 computations (and not 2^160 as one might expect). Also, it is very likely that if the SHA-1 results will be obtained in similar methods to the ones of MD5, then his ideas will be applicable also for the new attacks.
The paper was pretty scarce on details. What is the attack method?
Also, I wrote a newbie friendly explanation of what happens there in my blog. http://www.israblog.co.il/35850.
Shachar
-- Shachar Shemesh Lingnu Open Source Consulting ltd. http://www.lingnu.com/
-------------------------------------------------------------------------- Haifa Linux Club Mailing List (http://www.haifux.org) To unsub send an empty message to [EMAIL PROTECTED]