[security] SHA-1 is shattered, but I have a question

AJ ONeal (Home) coolaj86 at gmail.com
Thu Feb 23 10:12:47 MST 2017

So as of this morning any SHA-1 hash can officially be collided for as
little as $110k in GPU power on Amazon.



Obviously this means that for many applications SHA-1 is completely useless
and that within the next few years it will have gone the way of MD5.


It seems that over time we decide that the best way to make things more
secure is just to come up with algorithms that need more and more bit
entropy and more and more CPU processing power which seems like a false

If 128-bits of entropy is enough entropy, why don't we just come up with
algorithms that can handle 128-bits of entropy better?

Furthermore, instead of moving to algorithms in which flaws will also
eventually be found that increase the CPU, memory, and storage requirements
so drastically (there's a HUGE difference between MD5 and SHA-256 when
you're computing on a phone or a raspberry pi), why don't we just pair to
imperfect algorithms together?

For example: couldn't we run four batches of 512 bits through the MD5
algorithm and then run those 512 digest bits through a SHA-1 and even
though both algorithms have known attacks, the coincidence of an attacker
finding any set of bits that aligns in the tables of both algorithms seems
that it would be quite secure. Or simply digesting the MD5 in reverse every
block and scattering some of the previous source bits every n blocks - you
could read a block in forwards, reverse the bits, run it through backwards,
and then continue to the next block and after 16 blocks take the nth bit of
the original source blocks, maybe even have a rolling window on it -
holding less than 1k in memory at any given time.

It seems that we're trying to find this single ultimate mathematical
solution to entropy to something that could be solved much simpler with two
or three simpler mathematical solutions that are out-of-band from each
other and this would be faster, more memory efficient, more storage
efficient, and more secure than any single algorithm.

Is there a flaw in my reasoning?

AJ ONeal

More information about the PLUG mailing list