Re: Probably naive question - SHA1 + MD5 combination
- From: Kristian Gjøsteen <kristiag+news@xxxxxxxxxxxx>
- Date: Thu, 31 Aug 2006 13:39:08 +0000 (UTC)
Bryan Olson <fakeaddress@xxxxxxxxxxx> wrote:
> Kristian Gjøsteen wrote:
>> Shamus Husheer <s.husheer@xxxxxxxxx> wrote:
>>> For example, if the function SHA1(data+MD5(data)) were used (i.e.
>>> append the MD5 of the data to the data, and take the SHA1 of the
>>> combination), would it be a lot harder to find collisions?
>> No. You find a collision in SHA-1, say x_0 and x_1, then you simply
>> choose random messages y until MD5(x_0||y) = MD5(x_1||y), which by the
>> birthday paradox is feasible.
> Can you justify that? I don't see it, even granting that the
> ~2**64 work of breaking MD5 by birthday-attack is feasible.
Obviously, I can't, because I can't. I was trying to use the Joux attack,
and I misremembered. Sorry. Thanks for the correction.
What you do is find a collision in SHA-1, say x_0 and y_0. Then you find
another collision with the iv you get after processing x_0/y_0, say x_1
and y_1. Notice that SHA-1(x_0||x_1) = SHA-1(x_0||y_1) = SHA-1(x_1||y_0)
= SHA-1(x_1||y_1). Repeat say 128 times. Now you can generate 2^128
different messages that all have the same SHA-1 hash, by alternating
between the x_i and y_i.
The birthday paradox then provides an MD5 collision.
--
Kristian Gjøsteen
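A toy, runnable version of the attack described in the reply above, added here as an illustration and not part of the original thread. It assumes a constructed 16-bit Merkle-Damgård hash (h1) in place of SHA-1 and MD5 truncated to 16 bits (h2) in place of MD5, so that every collision search is cheap; the Joux chain of collisions followed by a birthday step on h2 yields two messages that also collide under the combined construction h1(data || h2(data)).

```python
import hashlib
from itertools import product

def compress(state: int, block: bytes) -> int:
    # Toy 16-bit compression function (constructed): small enough to brute-force collisions.
    h = hashlib.sha256(state.to_bytes(2, "big") + block).digest()
    return int.from_bytes(h[:2], "big")
def h1(msg: bytes, iv: int = 0) -> int:
    # Toy Merkle-Damgard hash standing in for SHA-1: 1-byte blocks, no padding
    # (every message in the demo has the same length, so padding would change nothing).
    state = iv
    for b in msg:
        state = compress(state, bytes([b]))
    return state
def h2(msg: bytes) -> bytes:
    # Stand-in for MD5: real MD5 truncated to 16 bits, so the birthday step stays cheap.
    return hashlib.md5(msg).digest()[:2]
def combined(msg: bytes) -> int:
    # The construction asked about in the thread: H1(data || H2(data)).
    return h1(msg + h2(msg))
def find_block_collision(iv: int) -> tuple[bytes, bytes]:
    # Birthday search for distinct 2-byte blocks x, y with h1(x, iv) == h1(y, iv).
    seen = {}
    for cand in product(range(256), repeat=2):
        block = bytes(cand)
        prev = seen.setdefault(h1(block, iv), block)
        if prev != block:
            return prev, block
    raise RuntimeError("no collision found")
def joux_multicollision(k: int, iv: int = 0) -> list[tuple[bytes, bytes]]:
    # Joux: chain k collisions, each found from the chaining value reached after the
    # previous pair; choosing x_i or y_i at each step yields 2^k messages with one H1 hash.
    pairs, state = [], iv
    for _ in range(k):
        x, y = find_block_collision(state)
        pairs.append((x, y))
        state = h1(x, state)
    return pairs
def attack(k: int = 16) -> tuple[bytes, bytes]:
    # Walk the 2^k H1-colliding messages until two share an H2 value; that pair also
    # collides under combined(), because the appended H2 suffix is then identical.
    pairs, seen = joux_multicollision(k), {}
    for bits in product((0, 1), repeat=k):
        m = b"".join(p[b] for p, b in zip(pairs, bits))
        prev = seen.setdefault(h2(m), m)
        if prev != m:
            return prev, m
    raise RuntimeError("no H2 collision found")
```

With 16-bit stand-ins the whole run takes a fraction of a second; the cost structure (k collision searches on the first hash, then one birthday search on the second) is the same as for the real functions.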