Re: Making a weak Hash stronger until a fix comes along -- concatenation of hash functions...
From: David Wagner (daw_at_taverner.cs.berkeley.edu)
Date: 09/26/05
- Next message: Bryan Olson: "Re: Discrete logarithm and Chinese Remainder Theorem"
- Previous message: Hugo: "Re: How To Abandon Microsoft"
- In reply to: Max Power: "Making a weak Hash stronger until a fix comes along -- concatenation of hash functions..."
- Next in thread: Roger Schlafly: "Re: Making a weak Hash stronger until a fix comes along -- concatenation of hash functions..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 25 Sep 2005 22:50:52 +0000 (UTC)
Max Power wrote:
>-- md5(md4(message))
MD4 is broken. So this is useless; once you have a collision for
MD5, you have a collision for your proposed scheme.
>-- md5([md5(message)+crc32(message)]) // "+" is a stringwise operator
This is probably insecure, thanks to the Joux attack: you find a
2^16-multi-collision for MD5, then you will likely be able to identify
a pair of messages with the same CRC and the same MD5 hash.
>-- sha(1, [sha(0, message])
>-- sha(1, [sha(1, message)+salt_out])
>// 0 and 1 denote different versions of SHA
I don't see any reason to expect this to be any more secure than SHA1.
The current SHA1 collision attacks are differential attacks, so it should
probably be easy to find a collision for either sha(0, .) or sha(1, .),
and then that is a collision for your proposed scheme.
- Next message: Bryan Olson: "Re: Discrete logarithm and Chinese Remainder Theorem"
- Previous message: Hugo: "Re: How To Abandon Microsoft"
- In reply to: Max Power: "Making a weak Hash stronger until a fix comes along -- concatenation of hash functions..."
- Next in thread: Roger Schlafly: "Re: Making a weak Hash stronger until a fix comes along -- concatenation of hash functions..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
