SEO
vBulletin Search Engine Optimization
| |||||||
| Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
02-22-2008, 12:40 PM
| ||||
| ||||
 Re: Question related to the Hash-Algorithms used for the Ports Marc Bevand wrote: > | Finding a collision for both MD5 and SHA-1 at the same time is > | completely improbable. > > Finding a collision for SHA-1 was also deemed completely improbable ten > years ago. However nowadays the attack seems very probable. > > My point is, finding a collision for both MD5 and SHA-1 will eventually > get accomplished some day. If it was really considered improbable, then > I suggest cryptographers stop researching secure hashing algorithms and > start using the hash function H(x) = MD5(x) . SHA1(x), where '.' is the > concatenation operator. The performance of this hash function will be poor. All this is irrelevant for the application we are looking at, namely OpenBSD ports. As kjell pointed out, you need to perform a second preimage attack and not a collision attack. Please read http://www.ecrypt.eu.org/documents/S...H_STMT-1.1.pdf to clearly understand the difference. All the attacks that have been found so far are collision attacks, not second preimage attacks. Therefore, these attacks mainly have implications on digital signatures. If an attacker succeeds in finding a second preimage for a certain hash value (of a tarball you want to download), he will also need to construct a corrupted compressed tarball with the second preimage. Not so simple either. Cheers, Dries      |
 |
« Re: Question related to the Hash-Algorithms used for the Ports
|
Re: Question related to the Hash-Algorithms used for the Ports »
| Thread Tools | |
| Display Modes | |
Linear Mode
| |
All times are GMT. The time now is 11:00 AM.
