- old school security

Fred Cisin cisin at xenosoft.com
Wed Apr 25 18:38:35 CDT 2007


> > That is why the hashcode algorithm being used should be kept secret

On Wed, 25 Apr 2007, Eric J Korpela wrote:
> No, quite the opposite.  The hashcode algorithm should be as public as
> possible so any weakness can be found. What keeps a hashcode secure is
> the amount of time it takes to find collisions.

I REALLY should have put that in quotes or appended a smiley.
Security through obscurity can only work for a very short time.

> I have a string that has an MD5 hash of
> d373a246bddeed37feec0c1c7c7b92ca.

certainly each bit doubles the strength.  I thought that we were talking
about relatively trivial ones of 16 bits, etc.


> Now try to find the one that also has an sha1 hash of
> d79b75daa96671379b52210e1e3bf341c061f1cf

Would probably have to do significant expansion of Gilmore's "Deep Crack".



More information about the cctalk mailing list