[Dshield] Crypto Question

John Hardin jhardin at impsec.org
Wed Mar 4 22:12:06 GMT 2009


On Wed, 4 Mar 2009, Frank Knobbe wrote:

> The bigger risk with MD5 is to covertly sneak in changes in plaintext 
> and have them still be valid with the same signature. That's the real 
> problem with MD5, not how much faster you can find a password in an 
> offline attack against a password database.

What I'm wondering is why the file formats and protocols that incorporate 
such signing don't provide for multiple signatures using different crypto 
hash algorithms. Isn't it a good idea to assume that _all_ crypto hash 
algorithms _will_ have collisions (regardless of how expensive those might 
be to find), and that your goal is to make that inherent flaw not a problem in 
practice?

What's the likelihood that the same collision plaintext would generate the 
same crypto hash using several different algorithms?

While this is interesting, it's rather OT...

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin at impsec.org    FALaholic #11174     pgpk -a jhardin at impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   Failure to plan ahead on someone else's part does not constitute
   an emergency on my part.                 -- David W. Barts in a.s.r
-----------------------------------------------------------------------
  4 days until Daylight Saving Time begins in U.S. - Spring Forward
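The scheme asked about above (one manifest carrying digests from several hash algorithms, with a verifier that accepts the data only when every listed digest matches) is sketched here as an added example. It is not code from the original message or from DShield; the manifest format, the function names and the policy that at least one "strong" algorithm must be present are assumptions made for illustration, and the sample data is constructed.

```python
"""Multi-algorithm digest manifest, as an added example (not from the original
message). The 'algo:hex' manifest format, the function names and the
STRONG_ALGOS policy below are illustrative assumptions."""
from __future__ import annotations

import hashlib
import hmac

# Assumed policy: MD5 and SHA-1 may be listed alongside others for
# compatibility, but a manifest that carries only weak digests is rejected.
STRONG_ALGOS = {"sha256", "sha512"}
SUPPORTED_ALGOS = {"md5", "sha1", "sha256", "sha512"}


def multi_digest(data: bytes, algos=("md5", "sha1", "sha256")) -> dict:
    """Return {algorithm: hex digest} for each requested algorithm."""
    return {a: hashlib.new(a, data).hexdigest() for a in algos}


def make_manifest(data: bytes, algos=("md5", "sha1", "sha256")) -> str:
    """Serialise the digests as one 'algo:hex' line per algorithm."""
    return "\n".join(f"{a}:{h}" for a, h in multi_digest(data, algos).items())


def parse_manifest(text: str) -> dict:
    """Parse 'algo:hex' lines into {algorithm: hex digest}; '#' starts a comment."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        algo, _, hexdigest = line.partition(":")
        algo = algo.strip().lower()
        if algo not in SUPPORTED_ALGOS:
            raise ValueError(f"unsupported digest algorithm: {algo}")
        entries[algo] = hexdigest.strip().lower()
    return entries


def verify(data: bytes, manifest_text: str) -> tuple[bool, list[str]]:
    """Check data against every digest in the manifest.

    Returns (ok, reasons). ok is True only if the manifest lists at least one
    STRONG_ALGOS digest and every listed digest matches. A single mismatching
    algorithm fails the whole check, which is the point of listing several:
    a substitution that collides under one algorithm still has to collide
    under all the others.
    """
    expected = parse_manifest(manifest_text)
    reasons: list[str] = []
    if not expected:
        reasons.append("manifest lists no digests")
    if not (set(expected) & STRONG_ALGOS):
        reasons.append("manifest lists no strong digest algorithm")
    for algo, want in expected.items():
        got = hashlib.new(algo, data).hexdigest()
        # Constant-time comparison; avoids leaking how many leading bytes match.
        if not hmac.compare_digest(got, want):
            reasons.append(f"{algo} mismatch")
    return (not reasons, reasons)


# Constructed sample data standing in for a signed release description.
ORIGINAL = b"package: example\nversion: 1.2.3\ntarball: example-1.2.3.tar.gz\n"
TAMPERED = ORIGINAL.replace(b"1.2.3", b"1.2.4")

if __name__ == "__main__":
    manifest = make_manifest(ORIGINAL)
    print(manifest)
    print(verify(ORIGINAL, manifest))   # (True, [])
    print(verify(TAMPERED, manifest))   # (False, [... mismatch for every algorithm])
    print(verify(ORIGINAL, make_manifest(ORIGINAL, ("md5",))))  # rejected: weak only
```

One caveat worth keeping in mind when reasoning about "several different algorithms": for iterated hash constructions, Joux's 2004 multicollision result shows that the concatenation of two hashes is not much harder to collide than the stronger of the two, so listing digests buys robustness against a break in any single algorithm (the verifier above keeps working as long as one listed algorithm holds) rather than a collision resistance that adds up across them.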

