[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Combining Hashes

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Combining Hashes
From: Kent Borg <kentborg@xxxxxxxx>
Date: Fri, 18 Feb 2005 10:24:19 -0500

Concatenating two different hashes, for example SHA-1 and MD5,
apparently does not add as much security as one might hope.

What about more complicated compositions?  For example, a reader
comment posted on Bruce Schneier's blog
(http://www.schneier.com/blog/archives/2005/02/sha1_broken.html)
suggests the following:

d1=SHA-1(data)
d2=MD5(data)
d3=SHA-1(d1+data+d2)

The final digest would be d1+d2+d3

(where "+" is concatenation)


I admit I don't know why this might be significantly better than
d1+d2, I was hoping someone here would.


-kb

Follow-Ups:
- Re: Combining Hashes
  - From: unmanarc
- Re: [lists] Combining Hashes
  - From: Elliott Bäck
- Re: Combining Hashes
  - From: Felix Cuello
- Re: Combining Hashes
  - From: exon

Prev by Date: Adobe Reader invalid root page node Count value DOS
Next by Date: MDKSA-2005:045 - Updated kdelibs packages fix vulnerabilities
Previous by thread: Adobe Reader invalid root page node Count value DOS
Next by thread: Re: Combining Hashes
Index(es):
- Date
- Thread