Suppose I have a file verified.txt
that has a certain hash X.
An attacker can form an impostor.txt
that replicates the hash with different content, resulting in a collision for a given algorithm, and rendering the hash test useless.
However, could this be prevented by performing a second hash with a second algorithm, and comparing both hashes?
For example, are MD5 and SHA-1 dissimilar enough that a collision could not be created for both at once? Can I rely on the combination to be more secure?