- old school security
Fred Cisin
cisin at xenosoft.com
Wed Apr 25 18:38:35 CDT 2007
> > That is why the hashcode algorithm being used should be kept secret
On Wed, 25 Apr 2007, Eric J Korpela wrote:
> No, quite the opposite. The hashcode algorithm should be as public as
> possible so any weakness can be found. What keeps a hashcode secure is
> the amount of time it takes to find collisions.
I REALLY should have put that in quotes or appended a smiley.
Security through obscurity can only work for a very short time.
> I have a string that has an MD5 hash of
> d373a246bddeed37feec0c1c7c7b92ca.
certainly each bit doubles the strength. I thought that we were talking
about relatively trivial ones of 16 bits, etc.
> Now try to find the one that also has an sha1 hash of
> d79b75daa96671379b52210e1e3bf341c061f1cf
Would probably have to do significant expansion of Gilmore's "Deep Crack".
More information about the cctalk
mailing list