Re: [GENERAL] SHA1 on postgres 8.3

From Mark Mielke
Subject Re: [GENERAL] SHA1 on postgres 8.3
Date
Msg-id 47F53DC0.1080103@mark.mielke.cc
In reply to Re: [GENERAL] SHA1 on postgres 8.3  (Svenne Krap <svenne@krap.dk>)
Responses Re: [GENERAL] SHA1 on postgres 8.3  (Heikki Linnakangas <heikki@enterprisedb.com>)
List pgsql-hackers
Svenne Krap wrote:
> I would still prefer two hash functions as they do add a better 
> safeguard towards collisions (the gentoo distribution actually hashes 
> the files by three different algorithms SHA1, SHA256 and RMD160)  - I 
> would be inclined to use three hashes too, if they were instantly 
> available. 
Technically MD5 (128 bits) + SHA1 (160 bits) gives better strength than 
MD5 on its own, or SHA1 on its own, in that finding one collision is 
likely to be insufficient to break in, however, I doubt you could 
mathematically prove that it would perform equal to a 128 + 160 = 288 
bit equivalent strength hash function. At the bare minimum, I refer you 
to the fact that each component on its own represents a self-contained 
hash of the entire document, and a small change in a real-life document 
will presumedly affect both values (this is how hash functions are 
designed), therefore, for real-life documents, there are bit patterns 
that will never coincide, therefore, not all 288 bits are being used. 
For real-life documents, it is highly likely that the MD5 and the SHA1 
will always be a ~1:1 mapping (how many collisions have truly been found 
in practice?), and the effective bit strength of the total for real 
documents approaches the highest of the two - which is 160 bits. I 
suggest that MD5 + SHA1 is not 128 bits better than SHA1 on its own.

In any case, this is all irrelevant, because md5 passwords are still 
very useful, and the argument that "more = better" is a never ending 
infinite resource trap. More is not better. Better is better. If you can 
prove md5 is insufficient for PostgreSQL passwords, the correct decision 
would be to switch to something better, and deprecate md5 from the core.

Cheers,
mark

-- 
Mark Mielke <mark@mielke.cc>
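
Added example, not part of the original message: a toy demonstration of why concatenating two iterated hashes does not add their bit strengths, following Joux's multicollision construction (CRYPTO 2004). The hashes F and G, their 24-bit width, and all function names are constructed for illustration; nothing here applies to full-size MD5 or SHA1.

```python
import hashlib
from itertools import count, product

NBYTES = 3  # each toy hash has a 24-bit state and output (constructed, tiny on purpose)

def compress(tag: bytes, state: bytes, block: bytes) -> bytes:
    """Toy compression function: truncated SHA-256, domain-separated by tag."""
    return hashlib.sha256(tag + state + block).digest()[:NBYTES]

def toy_hash(tag: bytes, blocks) -> bytes:
    """Iterated hash over equal-length block sequences (length padding omitted)."""
    state = bytes(NBYTES)
    for block in blocks:
        state = compress(tag, state, block)
    return state

def block_collision(tag: bytes, state: bytes):
    """Birthday search (~2^12 tries) for two blocks colliding from this state."""
    seen = {}
    for i in count():
        block = i.to_bytes(4, "big")
        out = compress(tag, state, block)
        if out in seen:
            return seen[out], block, out
        seen[out] = block

def joux_collision(max_blocks: int = 20):
    """Return two distinct messages that collide under F and under G at once."""
    pairs, state = [], bytes(NBYTES)
    while len(pairs) < max_blocks:
        # Chain one more F block collision; k of them give 2^k F-colliding messages.
        a, b, state = block_collision(b"F", state)
        pairs.append((a, b))
        if len(pairs) < 8 * NBYTES // 2:  # need roughly 2^(n/2) candidates for G
            continue
        seen = {}
        for msg in product(*pairs):       # every choice has the same F digest
            g = toy_hash(b"G", msg)
            if g in seen:
                return seen[g], msg
            seen[g] = msg
    raise RuntimeError("no collision within max_blocks")

if __name__ == "__main__":
    m1, m2 = joux_collision()
    # A generic birthday search on the 48-bit concatenation would need ~2^24 hashes.
    print(toy_hash(b"F", m1).hex() + toy_hash(b"G", m1).hex(), m1 != m2)
```

The search costs a few hundred thousand compression calls, close to the cost of colliding one 24-bit hash, rather than the roughly 2^24 a 48-bit ideal hash would demand.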


