On Thu, 23 Dec 2010 16:33:59 -0800 (PST) John Hardin <jhar...@impsec.org> wrote:
[...] > To digress, I would suggest the solution to that (and what I wish PGP > had implemented from day one) is to sign using two different > cryptographic hash algorithms (e.g. MD5 _and_ SHA1). It's extremely > unlikely that two different hash algorithms would have the same > collision failure mode - i.e. it would be effectively impossible to > generate a single plaintext that would generate the desired hashes > for _both_ algorithms. I'm sure I read somewhere that in many cases, hashing with two different hash functions is as strong as the stronger of the two functions, but not any stronger than that. It's still a good idea if you don't know for sure *which* one is the stronger function. See "Concatenation of cryptographic has functions" at http://en.wikipedia.org/wiki/Cryptographic_hash_function Back on-topic: I don't think it's a problem to have a reversible way of encoding email addresses if they're used for blocking. The anti-phishing email reply address project produces a cleartext list of known phishing senders. These are (typically) compromised email accounts where the sender cannot continue to use the account and also change the sending address, so it does no harm to leave it in the clear. Regards, David.
