MD5 (Re: [prog] web authentication)
Mary
mary-linuxchix at puzzling.org
Thu Nov 10 13:51:25 EST 2005
On Thu, Nov 10, 2005, Benjamin A'Lee wrote:
> I've never gotten around to implementing this yet though, or even
> looking into it more to see whether it's worthwhile.
There's a thread on bugtraq starting at
http://cert.uni-stuttgart.de/archive/bugtraq/2005/02/msg00376.html
The concensus seems to be that there's not a lot of research into
whether combining the hashes makes the complexity of finding a collision
timeTakenToFindMD5Collision * timeTakeToFindSHA1Collision (which is
the default assumption) or whether the two hashes have properties in
common that make a collision for one more like to collide for the other
than you'd expect.
-Mary
More information about the Programming
mailing list