Math/crypto question

Let's say I have downloaded a file and I want to make sure of its integrity. The source has provided a hash and widely distributed it, so I'm fully convinced that the hash is genuine.

Given that the source has provided an MD5 hash and a SHA-1 hash, is it significantly more difficult for Mallory to come up with engineered malware that fits both the MD5 hash and the SHA-1 hash, than it is to duplicate one but not the other? How much more difficult?

The computational cost to the source of providing both hashes is relatively small -- they do about twice the work they would have otherwise. The computational cost to me is the same increase.

Let's suppose that the file is quite large -- 200MB or so, the size of a Debian network-install boot CD. Mallory wants to write a payload that needs about 10MB of changes, and is OK with changing the other 190MB in any way necessary to match the hashes.

Math/crypto question

Let's say I have downloaded a file and I want to make sure of its integrity. The source has provided a hash and widely distributed it, so I'm fully convinced that the hash is genuine.

Given that the source has provided an MD5 hash and a SHA-1 hash, is it significantly more difficult for Mallory to come up with engineered malware that fits both the MD5 hash and the SHA-1 hash, than it is to duplicate one but not the other? How much more difficult?

The computational cost to the source of providing both hashes is relatively small -- they do about twice the work they would have otherwise. The computational cost to me is the same increase.

Let's suppose that the file is quite large -- 200MB or so, the size of a Debian network-install boot CD. Mallory wants to write a payload that needs about 10MB of changes, and is OK with changing the other 190MB in any way necessary to match the hashes.