On Tuesday, 7 May 2019 01:57:30 CEST Martin Rex wrote: > Hubert Kario <hka...@redhat.com> wrote: > > On Friday, 3 May 2019 16:56:54 CEST Martin Rex wrote: > >> Hubert Kario <hka...@redhat.com> wrote: > >> > We've been over this Martin, the theoretical research shows that for > >> > Merkle- Damgård functions, combining them doesn't increase their > >> > security > >> > significantly. > >> > >> You are completely misunderstanding the results. > >> > >> The security is greatly increased! > > > > like I said, that were the follow up papers > > > > the original is still Joux: > > https://www.iacr.org/archive/crypto2004/31520306/multicollisions.pdf > > Thanks to Peter Gutmann for the summary: > > https://mailarchive.ietf.org/arch/msg/tls/g0MDCdZcHsvZefv4V8fssXMeEHs > > which you may have missed.
yes, Joux paper also shows that attacking MD5||SHA1 is harder than attacking SHA1 alone but that doesn't matter, what matters is _how much harder it is_ and Joux paper says that it's less than a work factor of two, something also knows as a "rounding error" for cryptographic attacks -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
