[Dshield] Crypto Question

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Fri Mar 6 19:05:43 GMT 2009


On Thu, 05 Mar 2009 22:17:05 CST, Frank Knobbe said:
> But it raises an interesting question. We know mathematically how hard
> or weak the known broken hashes are. How would you calculate the
> combined reliability of two different hashes? Is it as simple as adding
> exponents, or does it require a different strength calculation because
> the algorithms are different and which inherently impedes finding a
> single collision that satisfies both algos?

It's *nowhere* near as simple as adding the exponents, because there may or
may not be issues with combining the schemes.  In particular, if two hashes
use a similar approach to something, and there's an issue with it, they *both*
start reducing in security.  In the end, composition of functions is a lot
harder than it looks.

Not *directly* related, but you might want to read up on why single-DES is
56 bits, double-DES is *still* 56 bits, but triple-DES is 112.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.sans.org/pipermail/list/attachments/20090306/fd3763d5/attachment.bin 


More information about the Dshield mailing list