Is there an algorithm that computes the strength of a digest alg?
Michael StJohns
mstjohns at comcast.net
Mon Oct 24 03:03:10 UTC 2011
Assuming that a1 and a2 both refer to MessageDigest implementations, then you could simply compare MessageDigest.getInstance(a1).getDigestLength(). It won't give you an absolute - MD5 for example is weaker than its bit length would lead you to believe.
Also, getDigestLength() can return 0 to indicate the operation isn't supported, so building a table may just be easier.
Mike
At 09:52 PM 10/23/2011, Weijun Wang wrote:
>Hi Andrew
>
>I need a method
>
> boolean isWeakerThan(String a1, String a2)
>
>so that isWeakerThan("MD5", "SHA1") returns true and isWeakerThan("SHA-256", "SHA1") returns false. I know you have done a lot of constraints works in JDK 7. Do you have an existing one? Otherwise, I plan to manually assign a value to each known algorithm and compare it.
>
>Thanks
>Max
More information about the security-dev
mailing list