Re: Combining Hashes
From: Ivan Krstic (krstic_at_hcs.harvard.edu)
Date: 02/20/05
- Previous message: H D Moore: "Re: Knox Arkeia remote root/system exploit"
- In reply to: unmanarc: "Re: Combining Hashes"
- Next in thread: Frank Knobbe: "Re: Combining Hashes"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 20 Feb 2005 22:10:03 +0100 To: "Aaron Mizrachi (unmanarc)" <aaron@synacksecurity.com>
Aaron Mizrachi (unmanarc) wrote:
> I dont recomend something as: HASH(HASH(data)+data) until a research of
> propietries of that where investigated and mathematical proved. The better
> method (i think) is: HASH(HASH(data)), because adds two layer... and have the
> same or more security than HASH(data).
The two options differ in speed and security. Doing h(h(m) + m) where h
is your hash function and m your message, is slow and requires m to be
buffered. It also defeats length extension and partial message attacks,
so is considered a relatively complete solution to many inherent hash
function weaknesses.
Doing h(h(m)) is faster, but you can only claim n/2 bits of security for
an otherwise n-bit hash function h. Speed for security is usually a bad
tradeoff, so I recommend h(h(m) + m) as a better approach. Schneier and
Ferguson also take this approach in "Practical Cryptography" (Wiley
Publishing, 2003).
-IK
- Previous message: H D Moore: "Re: Knox Arkeia remote root/system exploit"
- In reply to: unmanarc: "Re: Combining Hashes"
- Next in thread: Frank Knobbe: "Re: Combining Hashes"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
