[Dshield] Crypto Question
John Hardin
jhardin at impsec.org
Fri Mar 6 16:35:20 GMT 2009
On Thu, 5 Mar 2009, Frank Knobbe wrote:
> I think John's thought was, why not use two different hash algos on the
> same plaintext. If one or the other fails (or both fail), something is
> up. Only if both hashes (with known or unknown collision methods) pass,
> the plaintext is verified.
Exactly correct.
> Obviously that leads to complexity which may carry a little devil in
> itself somewhere. Using a good hash that has a high reliability (SHA-512
> or whatever) would be simpler.
Agreed. It's also possibly double the computational cost. I recognize
that. To judge the value of this you must also ask: how expensive would
an undetectable forgery be?
I would say a signature on a website cert or non-ephemeral file (e.g. a
PGP message) would be worth the extra computational cost; for something
like verifying network traffic, it'd be a lot less likely.
> But it raises an interesting question. We know mathematically how hard
> or weak the known broken hashes are. How would you calculate the
> combined reliability of two different hashes? Is it as simple as adding
> exponents, or does it require a different strength calculation because
> the algorithms are different, which inherently impedes finding a
> single collision that satisfies both algos?
>
> Just curious,
Me too.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin at impsec.org FALaholic #11174 pgpk -a jhardin at impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Failure to plan ahead on someone else's part does not constitute
an emergency on my part. -- David W. Barts in a.s.r
-----------------------------------------------------------------------
2 days until Daylight Saving Time begins in U.S. - Spring Forward
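
The check discussed in this thread, as an added example (not code from either poster): one pass over the data feeds two different hash functions, and the input is accepted only if both digests match. The choice of SHA-256 and SHA3-256, the names `dual_digest`, `verify` and `classify`, and the sample message are assumptions made for the illustration.

```python
import hashlib
import hmac
import io

# Assumption: SHA-256 and SHA3-256 stand in for "two different hash algos";
# any pair of names accepted by hashlib.new() can be substituted.
ALGOS = ("sha256", "sha3_256")


def dual_digest(stream, algos=ALGOS, chunk_size=65536):
    """Read the stream once, feeding every chunk to each hash function."""
    hashers = {name: hashlib.new(name) for name in algos}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify(stream, expected):
    """Return (ok, failed). ok is True only if every expected digest matches."""
    actual = dual_digest(stream, tuple(expected))
    failed = [name for name, want in expected.items()
              if not hmac.compare_digest(actual[name], want.lower())]
    return (not failed, failed)


def classify(failed, expected):
    """Turn the list of failed algorithms into a verdict string."""
    if not failed:
        return "verified"
    if len(failed) == len(expected):
        return "rejected: no digest matched"
    # The "something is up" case: random corruption would almost certainly
    # break every digest, so a partial match deserves a closer look.
    matched = sorted(set(expected) - set(failed))
    return "partial match: %s matched, %s did not" % (
        ", ".join(matched), ", ".join(sorted(failed)))


if __name__ == "__main__":
    message = b"constructed sample message\n"   # constructed input
    published = dual_digest(io.BytesIO(message))
    for candidate in (message, message + b"tampered"):
        ok, failed = verify(io.BytesIO(candidate), published)
        print(classify(failed, published))
```

Both hashes are updated from the same chunk, so the data is read only once; the extra cost is the second hash computation itself.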