Is there an algorithm that computes the strength of a digest alg?

Michael StJohns mstjohns at comcast.net
Mon Oct 24 03:03:10 UTC 2011


Assuming that a1 and a2 both refer to MessageDigest implementations, then you could simply compare MessageDigest.getInstance(a1).getDigestLength(). It won't give you an absolute - MD5 for example is weaker than its bit length would lead you to believe.

Also, getDigestLength() can return 0 to indicate the operation isn't supported, so building a table may just be easier.

Mike



At 09:52 PM 10/23/2011, Weijun Wang wrote:
>Hi Andrew
>
>I need a method
>
>  boolean isWeakerThan(String a1, String a2)
>
>so that isWeakerThan("MD5", "SHA1") returns true and isWeakerThan("SHA-256", "SHA1") returns false. I know you have done a lot of constraints work in JDK 7. Do you have an existing one? Otherwise, I plan to manually assign a value to each known algorithm and compare it.
>
>Thanks
>Max
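
Added example, not part of the original thread or of JDK code: one way to combine the two approaches discussed above, a hand-assigned table for known algorithms with getDigestLength() as a fallback that rejects a 0 result. The class name DigestStrength, the helpers normalize and strength, and the table values (rough collision-resistance estimates in bits) are assumptions made for this sketch.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;

public class DigestStrength {
    // Assumed collision-resistance estimates in bits, chosen for this example.
    private static final Map<String, Integer> KNOWN = new HashMap<>();
    static {
        KNOWN.put("MD5", 20);     // assumed value, far below the nominal 64
        KNOWN.put("SHA1", 60);    // assumed value, below the nominal 80
        KNOWN.put("SHA256", 128);
        KNOWN.put("SHA384", 192);
        KNOWN.put("SHA512", 256);
    }

    // "SHA-1", "sha1" and "SHA1" all map to the same table key.
    static String normalize(String alg) {
        return alg.toUpperCase(Locale.ROOT).replace("-", "");
    }

    static int strength(String alg) throws NoSuchAlgorithmException {
        Integer bits = KNOWN.get(normalize(alg));
        if (bits != null) {
            return bits;
        }
        // Not in the table: fall back to the provider's digest length (in bytes).
        int len = MessageDigest.getInstance(alg).getDigestLength();
        if (len == 0) {
            // 0 means the provider cannot report a length, so refuse to rank it.
            throw new IllegalArgumentException("digest length unavailable for " + alg);
        }
        return len * 8 / 2; // birthday bound: n-bit digest gives n/2 bits
    }

    static boolean isWeakerThan(String a1, String a2) throws NoSuchAlgorithmException {
        return strength(a1) < strength(a2);
    }

    public static void main(String[] args) throws Exception {
        System.out.println(isWeakerThan("MD5", "SHA1"));
        System.out.println(isWeakerThan("SHA-256", "SHA1"));
        // SHA-224 is not in the table, so this uses the fallback path.
        System.out.println(isWeakerThan("SHA-224", "SHA-256"));
    }
}
```

The fallback only gives a nominal figure, so any algorithm with known weaknesses belongs in the table rather than being left to the digest-length path.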




