Bugtraq mailing list archives
Re: Combining Hashes
From: Frank Knobbe <frank () knobbe us>
Date: Sun, 20 Feb 2005 11:30:05 -0600
On Sat, 2005-02-19 at 00:54 -0400, Aaron Mizrachi wrote:
[...] The better method (i think) is: HASH(HASH(data)), because adds two layer... and have the same or more security than HASH(data).
That's not an improvement. If you can fiddle data so that the inner hash has the same value as before the fiddling, the outer hash remains the same as well -- doesn't give you anything except a false sense of security. Kent's idea was better in that you would have to find common collisions in both algorithms in order to keep both hashes. Regards, Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Combining Hashes Kent Borg (Feb 19)
- Re: Combining Hashes unmanarc (Feb 19)
- Re: Combining Hashes Ivan Krstic (Feb 21)
- Re: Combining Hashes Frank Knobbe (Feb 21)
- Re: [lists] Combining Hashes Elliott Bäck (Feb 19)
- Re: Combining Hashes Felix Cuello (Feb 19)
- Re: Combining Hashes Joel Maslak (Feb 22)
- Re: Combining Hashes exon (Feb 20)
- Re: Combining Hashes unmanarc (Feb 19)