Re: Combining Hashes
From: Frank Knobbe (frank_at_knobbe.us)
Date: 02/20/05
- Previous message: Marc Deslauriers: "[FLSA-2005:1944] GNOME VFS updates address extfs vulnerability"
- In reply to: unmanarc: "Re: Combining Hashes"
- Next in thread: Elliott Bäck: "Re: [lists] Combining Hashes"
To: Aaron Mizrachi <aaron@synacksecurity.com>
Date: Sun, 20 Feb 2005 11:30:05 -0600
On Sat, 2005-02-19 at 00:54 -0400, Aaron Mizrachi wrote:
> [...] The better
> method (I think) is: HASH(HASH(data)), because it adds two layers... and has the
> same or more security than HASH(data).
That's not an improvement. If you can fiddle data so that the inner hash
has the same value as before the fiddling, the outer hash remains the
same as well -- doesn't give you anything except a false sense of
security. Kent's idea was better in that you would have to find common
collisions in both algorithms in order to keep both hashes.
Regards,
Frank
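
Added example (not part of the original message): a Python sketch of the point made in the reply, using MD5 and SHA-256 truncated to 3 bytes as constructed toy hashes so that a collision can be found in well under a second. It assumes "Kent's idea" means keeping digests from two different algorithms side by side; all function names are hypothetical.

```python
import hashlib
from itertools import count

TRUNC = 3  # bytes kept per digest; constructed toy size so collisions are cheap

def h_md5(data: bytes) -> bytes:
    """Toy weak hash: MD5 truncated to TRUNC bytes."""
    return hashlib.md5(data).digest()[:TRUNC]

def h_sha(data: bytes) -> bytes:
    """Second, independent toy hash: SHA-256 truncated to TRUNC bytes."""
    return hashlib.sha256(data).digest()[:TRUNC]

def find_collision(h):
    """Birthday search: return two distinct inputs with the same h() value."""
    seen = {}
    for i in count():
        msg = b"msg-%d" % i  # constructed sample inputs
        digest = h(msg)
        if digest in seen:
            return seen[digest], msg
        seen[digest] = msg

def nested(data: bytes) -> bytes:
    """HASH(HASH(data)) as proposed in the quoted text."""
    return h_md5(h_md5(data))

def combined(data: bytes) -> bytes:
    """Digests from two different algorithms, both kept (assumed reading of Kent's idea)."""
    return h_md5(data) + h_sha(data)

def demo() -> dict:
    # One collision in the inner hash is all it takes to collide the nested form:
    # the outer hash sees identical input for both messages.
    a, b = find_collision(h_md5)
    return {
        "inputs_differ": a != b,
        "inner_collides": h_md5(a) == h_md5(b),
        "nested_collides": nested(a) == nested(b),
        # The same pair would also have to collide under the second algorithm.
        "combined_collides": combined(a) == combined(b),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```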