Bugtraq mailing list archives
Re: Combining Hashes
From: Aaron Mizrachi (unmanarc) <aaron () synacksecurity com>
Date: Sat, 19 Feb 2005 00:54:56 -0400
El Vie 18 Feb 2005 11:24, Kent Borg escribió:
Concatenating two different hashes, for example SHA-1 and MD5, apparently does not add as much security as one might hope. What about more complicated compositions? For example, a reader comment posted on Bruce Schneier's blog (http://www.schneier.com/blog/archives/2005/02/sha1_broken.html) suggests the following: d1=SHA-1(data) d2=MD5(data) d3=SHA-1(d1+data+d2) The final digest would be d1+d2+d3 (where "+" is concatenation) I admit I don't know why this might be significantly better than d1+d2, I was hoping someone here would. -kb
Having d1+d2 may leave some useful information in order to obtain a collition more fastest because we can intersect these functions... SHA-1(d1+data+d2) is relative better than d1+d2. I dont think that is really secure... d2 or d1 may leave some useful information. we need to study and probe that. I dont recomend something as: HASH(HASH(data)+data) until a research of propietries of that where investigated and mathematical proved. The better method (i think) is: HASH(HASH(data)), because adds two layer... and have the same or more security than HASH(data). it's simple... if you use HASH(data), you can obtain HASH(HASH(data)), and crack from HASH(HASH(data)) (if 2-ble round hash is more weakness). A simple probe of a very basic crypto-system that isn't good idea have two rounds are: XOR, the second round leave the original text. With one way functions may happen something similar.
Attachment:
_bin
Description:
Current thread:
- Combining Hashes Kent Borg (Feb 19)
- Re: Combining Hashes unmanarc (Feb 19)
- Re: Combining Hashes Ivan Krstic (Feb 21)
- Re: Combining Hashes Frank Knobbe (Feb 21)
- Re: [lists] Combining Hashes Elliott Bäck (Feb 19)
- Re: Combining Hashes Felix Cuello (Feb 19)
- Re: Combining Hashes Joel Maslak (Feb 22)
- Re: Combining Hashes exon (Feb 20)
- Re: Combining Hashes unmanarc (Feb 19)