Re: Combining Hashes

From: Frank Knobbe (frank_at_knobbe.us)
Date: 02/20/05

  • Next message: Frank Knobbe: "RE: SHA-1 broken"
    To: Aaron Mizrachi <aaron@synacksecurity.com>
    Date: Sun, 20 Feb 2005 11:30:05 -0600
    
    
    

    On Sat, 2005-02-19 at 00:54 -0400, Aaron Mizrachi wrote:
    > [...] The better
    > method (i think) is: HASH(HASH(data)), because adds two layer... and have the
    > same or more security than HASH(data).

    That's not an improvement. If you can fiddle data so that the inner hash
    has the same value as before the fiddling, the outer hash remains the
    same as well -- doesn't give you anything except a false sense of
    security. Kent's idea was better in that you would have to find common
    collisions in both algorithms in order to keep both hashes.

    Regards,
    Frank
     

    
    



  • Next message: Frank Knobbe: "RE: SHA-1 broken"