[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
MD5 breaks, etc.
Accepting for a moment that MD5 collisions have been identified. From
a commercial aspect I am concerned to ensure the cryptographic security
of our ECheque system.
Just a thought on the use of MD5. If two signatures are appended to the
same document both using MD5, but one either
a) Signing all but the last octet of the message ... or
b) Signing the whole of the message and signature.
Would that not make the determination of useable collisions either
impracticable or impossible?
I must admit I am inclined to encode additionally the key components
of the message (amount paid, to whom) as well as the hash using a
Private Key encryption. After all we have at least 60 octets of
important data that can be encoded in this manner using one
simple encryption sequence, this can cover account credited and
amount easily. If someone can collision codge the description I am
not desperately concerned.
Alternately, could someone please point me at the SHA algorithm.