Friday, February 20, 2009

Crypto Query

I'm putting this one in the "Food for Future Thought" category.

I'm no cryptographer, and only kinda so-so at math, but here's my thought: Are multiple broken cryptographic ciphers, when combined, more secure than a single broken cipher?

Put more simply, can a single file have collisions for more than one algorithm? Even more simply, even though we know that both MD5 and SHA-1 hash algorithms are "broken", if we "cross-hash" a file using both algorithms, are we any more "safe" in terms of integrity than if we only used one of the broken hashes?

My theory is that as long as the "breaks" are fundamentally different between algorithms we might have a practical advantage, like a brick and mortar wall: stronger when put together than standing alone.

We know that for a given file we can create a fake file with the same MD5 hash; likewise SHA-1. The question is: can we create a fake file that will "break" both of these hashes simultaneously?

(Of course the real solution is to use a better and unbroken algorithm, but I'm just curious.)

Somebody get me a crypto geek.

No comments:


Related Posts with Thumbnails