On Thu, 21 Dec 2000, Bill Sommerfeld wrote:

> cryptographic engineering (as opposed to cryptography) involves making
> very conservative assumptions about the underlying cryptographic
> primitives, and taking the "hunches" and such of the Real
> Cryptographers(tm) very seriously.  Those cryptographers are saying
> "sha1 is most likely stronger than md5"...

Yup. There's a principle in crypto, though, that in many cases you can
take two algorithms A and B and combine them in such a way that the
resulting algorithm is at least as weak as the weaker of A and B, and very
probably stronger.

Eg, if you take an MD5 *and* and SHA1 and concatenate them. Even if both
are broken, finding a way of changing the file that breaks *both* of them
will be at least as tricky as finding a change that slips by each of them
in turn...

ABS

-- 
                               Alaric B. Snell
 http://www.alaric-snell.com/  http://RFC.net/  http://www.warhead.org.uk/
   Any sufficiently advanced technology can be emulated in software