Actually, because the two algorithms are related, using both at once yields
only as much security as the more secure of the two: Breaking SHA1 and MD5
together is not much more difficult than breaking SHA1 alone. Better
security is achieved by using a better hash algorithm, such as SHA256.
-Nick J
Hi Martin,
On Tue, Oct 27, 2009 at 12:30 PM, Martin Trummer <
martin.trummer...@gmail.com> wrote:
>
> On Oct 27, 10:53 am, "Nick Johnson (Google)"
> wrote:
> > Collision attacks on MD5 have been found, yes. But a collision attack
> > requires the attacker to specify both strings, and currently a
If you're paranoid, how about a concatenation of the SHA and MD5 sums.
On Tue, Oct 27, 2009 at 12:30 PM, Martin Trummer <
martin.trummer...@gmail.com> wrote:
>
> On Oct 27, 10:53 am, "Nick Johnson (Google)"
> wrote:
> > Collision attacks on MD5 have been found, yes. But a collision attack
> > r
On Oct 27, 10:53 am, "Nick Johnson (Google)"
wrote:
> Collision attacks on MD5 have been found, yes. But a collision attack
> requires the attacker to specify both strings, and currently at least,
> requires them to be at least 128 bytes long, and makes no guarantee about
> human readability. A p
Hi
I will chime in
On Oct 27, 5:37 pm, Martin Trummer
wrote:
> well, I don't have the mathematical skills to prove you wrong:
> but according to several articles I've read, MD5 hashes are not
> collision resistant,
> and there are several ways to crack an MD5 hash (that are better than
> brute
Hi Martin,
On Tue, Oct 27, 2009 at 9:37 AM, Martin Trummer wrote:
>
> well, I don't have the mathematical skills to prove you wrong:
> but according to several articles I've read, MD5 hashes are not
> collision resistant,
> and there are several ways to crack an MD5 hash (that are better than
>
well, I don't have the mathematical skills to prove you wrong:
but according to several articles I've read, MD5 hashes are not
collision resistant,
and there are several ways to crack an MD5 hash (that are better than
brute force)
so:
* it's not purely theoretical
* the e-mail address could be
Hi Martin,
MD5 hashes are sufficiently random that collisions are purely theoretical
and not of practical concern. Many systems, for example, address files by
MD5 or SHA1 hash.
If you can provide an MD5 or SHA1 collision between two short,
human-readable strings, however, I will be happy to amend