- old school security
cisin at xenosoft.com
Wed Apr 25 18:38:35 CDT 2007
> > That is why the hashcode algorithm being used should be kept secret
On Wed, 25 Apr 2007, Eric J Korpela wrote:
> No, quite the opposite. The hashcode algorithm should be as public as
> possible so any weakness can be found. What keeps a hashcode secure is
> the amount of time it takes to find collisions.
I REALLY should have put that in quotes or appended a smiley.
Security through obscurity can only work for a very short time.
> I have a string that has an MD5 hash of
certainly each bit doubles the strength. I thought that we were talking
about relatively trivial ones of 16 bits, etc.
> Now try to find the one that also has an sha1 hash of
Would probably have to do significant expansion of Gilmore's "Deep Crack".
More information about the cctalk