Far better to use public-key signatures

Far better to use public-key signatures

Posted Dec 20, 2007 7:45 UTC (Thu) by anselm (subscriber, #2796)
In reply to: Far better to use public-key signatures by khim
Parent article: The backdooring of SquirrelMail

One short-term way of alleviating this problem could be by publishing (and signing) both an MD5 and an SHA-1 checksum of the archive(s) in question. Even if an ambitious attacker managed to find a way to compromise an archive such that its MD5 or SHA-1 checksum stayed the same while the modified code still made sense, finding such a compromise that kept both hashes identical would be that much more difficult. (For extra credit, use two hash functions that are not as closely related as MD5 and SHA-1, or add a third one.)

---

(Log in to post comments)

And, also add the size of the files.  Might as well make things even a little more difficult
to the attacker by reducing even more the set of possible streams he can use...

Sadly it's been shown that using both hashes doesn't increase the work factor by very much.

One has to take into effect that when most times people say that it doesn't increase the work
load they are talking about order of magnitude things... and that it doesn't increase the
factor if certain factors are true. Finding a match between SHA1 and 'pull out unrelated of my
butt' Hash might only extend the time to see it by months or years versus decades... and is
not non-trivial.. may only be 'trivial' to the mathmetician who was testing it against a
theoretical 10^20 years to find a match.