Re: [security] SHA-1 is shattered, but I have a question

[AJ ONeal (Home)]

So as of this morning any SHA-1 hash can officially be collided for as little as $110k in GPU power on Amazon.

http://shattered.it/

https://arstechnica.com/security/2017/02/at-deaths-door-for-years-widely-used-sha1-function-is-now-dead/

Obviously this means that for many applications SHA-1 is completely useless and that within the next few years it will have gone the way of MD5.

Question:

It seems that over time we decide that the best way to make things more secure is just to come up with algorithms that need more and more bit entropy and more and more CPU processing power which seems like a false solution.

If 128-bits of entropy is enough entropy, why don't we just come up with algorithms that can handle 128-bits of entropy better?

Furthermore, instead of moving to algorithms in which flaws will also eventually be found that increase the CPU, memory, and storage requirements so drastically (there's a HUGE difference between MD5 and SHA-256 when you're computing on a phone or a raspberry pi), why don't we just pair to imperfect algorithms together?

For example: couldn't we run 512 bits through the MD5 algorithm and then run those same 512 bits through a SHA-1 and do a simple mux on the combined result and even though both algorithms have known attacks, the coincidence of an attacker finding any set of bits that aligns in the tables of both algorithms seems that it would be quite secure. Or simply digesting the MD5 in reverse every block and scattering some of the previous source bits every n blocks - you could read a block in forwards, reverse the bits, run it through backwards, and then continue to the next block and after 16 blocks take the nth bit of the original source blocks, maybe even have a rolling window on it - holding less than 1k in memory at any given time.

It seems that we're trying to find this single ultimate mathematical solution to entropy to something that could be solved much simpler with two or three simpler mathematical solutions that are out-of-band from each other and this would be faster, more memory efficient, more storage efficient, and more secure than any single algorithm.

Is there a flaw in my reasoning?

AJ ONeal

[Carl Youngblood]

I learned enough in my advanced crypto course to know that there's a lot more to how the algorithms work than that. I'm far from an expert, but I gained enough respect for what is involved to basically just stick with the security community's recommendations:

https://www.keylength.com/en/4/