[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Gnu-arch-users] Re: MD5 is broken
From: |
Jason McCarty |
Subject: |
Re: [Gnu-arch-users] Re: MD5 is broken |
Date: |
Wed, 16 Mar 2005 08:32:58 -0500 |
User-agent: |
Mutt/1.5.6+20040907i |
Karel Gardas wrote:
> On Wed, 16 Mar 2005, Peter Conrad wrote:
> > Combining different hashes in the signature should make attacks a lot
> > more difficult, because an attacker would have to produce collisions
> > for all hashes at the same time. Of course, *all* hashes must be
> > validated when checking the signature, instead of validating only one
> > of them.
>
> Yes, I agree, but combining two hashes from which one is considered broken
> and one is considered weak these days is IMHO less secure than using one
> hash which is considered secure.
Maybe, but what alternative do we have today? AIUI, gpg-signing in
general just encrypts a hash (of a hash, in our case), so you need a
good choice for both the hash tla uses and the one gpg uses. So which
hash(es)?
--
Jason McCarty <address@hidden>
- Re: [Gnu-arch-users] Re: MD5 is broken, (continued)
- Re: [Gnu-arch-users] Re: MD5 is broken, Andrew Suffield, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Karel Gardas, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Peter Conrad, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Karel Gardas, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Peter Conrad, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Karel Gardas, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken,
Jason McCarty <=
- [Gnu-arch-users] Re: MD5 is broken, Matthieu Moy, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Adrian Irving-Beer, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, John Arbash Meinel, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Adrian Irving-Beer, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, John Arbash Meinel, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Aaron Bentley, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, John Arbash Meinel, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, Aaron Bentley, 2005/03/16
- Re: [Gnu-arch-users] Re: MD5 is broken, John Arbash Meinel, 2005/03/16
- [Gnu-arch-users] Re: MD5 is broken, Ivan Boldyrev, 2005/03/17