Re: Probably naive question - SHA1 + MD5 combination

Shamus Husheer <s.husheer@xxxxxxxxx> wrote:
For example, if the function SHA1(data+MD5(data)) were used (i.e.
append the MD5 of the data to the data, and take the SHA1 of the
combination), would it be a lot harder to find collisions?

No. You find a collision in SHA-1, say x_0 and x_1, then you simply
choose random messages y until MD5(x_0||y) = MD5(x_1||y), which by the
birthday paradox is feasible. Then

SHA-1(x_0 || y || MD5(x_0||y)) = SHA-1(x_1 || y || MD5(x_1||y)

Multiple hash functions isn't a good idea.

PS. You need to deal with some padding stuff as well, but that's easy.

--
Kristian Gjøsteen
.

Relevant Pages

  • Re: When will md5crk complete?
    ... and in that case birthday attack ... > His core message is correct however: you shouldn't be using MD5. ... Collisions DO exist for every hash algorithm... ...
    (sci.crypt)
  • Re: Re-secured Algorithm?
    ... >>MD5 collisions are actually trivial to generate. ... SHA-1 had real collisions in MD5. ... Personal attacks aside I doubt many ...
    (sci.crypt)
  • Re: MD5 status
    ... > work on collisions is that of being one-way. ... > Dobbertin as he is of course one of the biggest authorities on this. ... collisions in the MD5 compression function that you shouldn't use it. ... attack is dependent on the attack that you have against the algorithm. ...
    (SecProg)
  • Re: un-hashing to reveal pass phrase [was: crypto sms]
    ... the entropic quantity is known this limits the number of possible passphrase ... By focusing only on the extremely limited MD5 which can hold more ... but the show collisions in MD5 in 15 ... Because there is only one colliding value, ...
    (sci.crypt)
  • Re: MD5s eulogy
    ... about anonymity, see http://mixminion.net. ... MD5 is Dead. ... slashdot article reference included below. ... >arbitrary collisions, just random collisions), it's folly to think it'll ...
    (alt.privacy)