On Tue, Aug 29, 2006 at 05:57:34PM +0100, Proinnsias Breathnach wrote:
> Are there even theoretical collisions that result in both the same MD5
> *and* SNA1 hash for the message(s) in question ?
100% yes. It's a cast iron guarantee. For non-theoretical, at the
current pace of development; probably within years rather than decades.
> If not - surely just a twin-hash approach would solve a multitude of
> immediate problems - with todays' tools ?
I used to think that, but it's very niave. A twin hash is basically just
a single longer hash. Combining two different hashes which are radically
different in their approaches to the problem will drastically reduce the
chances of collision, but probably not by more than doubling the hash
size would have in the first place anyway. Don't forget that when you
use two hashes, you are doubling the hash length. That's a negative
thing, the aim is to keep them small. Otherwise corruption in the hash
itself is just a big problem as it was in the original.
Colm MacCárthaigh Public Key: colm+pgp at stdlib.net
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!