Re: [Gnu-arch-users] Re: MD5 is broken

gnu-arch-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnu-arch-users] Re: MD5 is broken

From:	Jason McCarty
Subject:	Re: [Gnu-arch-users] Re: MD5 is broken
Date:	Wed, 16 Mar 2005 08:32:58 -0500
User-agent:	Mutt/1.5.6+20040907i

Karel Gardas wrote:
> On Wed, 16 Mar 2005, Peter Conrad wrote:
> > Combining different hashes in the signature should make attacks a lot
> > more difficult, because an attacker would have to produce collisions
> > for all hashes at the same time. Of course, *all*  hashes must be
> > validated when checking the signature, instead of validating only one
> > of them.
> 
> Yes, I agree, but combining two hashes from which one is considered broken
> and one is considered weak these days is IMHO less secure than using one
> hash which is considered secure.

Maybe, but what alternative do we have today? AIUI, gpg-signing in
general just encrypts a hash (of a hash, in our case), so you need a
good choice for both the hash tla uses and the one gpg uses. So which
hash(es)?

-- 
Jason McCarty <address@hidden>

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Gnu-arch-users] Re: MD5 is broken, (continued)

Prev by Date: Re: [Gnu-arch-users] Re: MD5 is broken
Next by Date: Re: [Gnu-arch-users] Re: MD5 is broken
Previous by thread: Re: [Gnu-arch-users] Re: MD5 is broken
Next by thread: [Gnu-arch-users] Re: MD5 is broken
Index(es):
- Date
- Thread