25 Apr
2007
25 Apr
'07
4:38 p.m.
> That is why the hashcode algorithm being used
should be kept secret
On Wed, 25 Apr 2007, Eric J Korpela wrote:
No, quite the opposite. The hashcode algorithm should
be as public as
possible so any weakness can be found. What keeps a hashcode secure is
the amount of time it takes to find collisions.
I REALLY should have put that in quotes or appended a smiley.
Security through obscurity can only work for a very short time.
I have a string that has an MD5 hash of
d373a246bddeed37feec0c1c7c7b92ca.
certainly each bit doubles the strength. I thought that we were talking
about relatively trivial ones of 16 bits, etc.
Now try to find the one that also has an sha1 hash of
d79b75daa96671379b52210e1e3bf341c061f1cf
Would probably have to do significant expansion of Gilmore's "Deep Crack".