[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnu-arch-users] Re: MD5 is broken

From: Aaron Bentley
Subject: Re: [Gnu-arch-users] Re: MD5 is broken
Date: Wed, 16 Mar 2005 13:53:23 -0500
User-agent: Mozilla Thunderbird 0.6 (X11/20040530)

Tom Lord wrote:
The "combination" of two hash functions is itself a single hash function.

So, arguments of the form "two are better than one", if mathematically
based, aim for the conclusion that nothing short of an infinite amount
of hashing code in core arch will be enough.

It's not mathmatically based. It's pragmatic. It means that when one hash is broken, you have a window of opportunity to replace the broken hash with an unbroken one. You are not vulnerable until both hashes are broken, so unless both hashes are broken before you replace one of them, you will never be vulnerable.

Aaron Bentley
Director of Technology
Panometrics, Inc.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]