Re: Combining Hashes

To: "Aaron Mizrachi (unmanarc)" <aaron@xxxxxxxxxxxxxxxxxx>
Subject: Re: Combining Hashes
From: Ivan Krstic <krstic@xxxxxxxxxxxxxxx>
Date: Sun, 20 Feb 2005 22:10:03 +0100
Cc: bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <200502190055.05271.aaron@xxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20050218102419.F7251@xxxxxxxx> <200502190055.05271.aaron@xxxxxxxxxxxxxxxxxx>
User-agent: Mozilla Thunderbird 1.0 (X11/20041206)

Aaron Mizrachi (unmanarc) wrote:

I dont recomend something as: HASH(HASH(data)+data) until a research ofpropietries of that where investigated and mathematical proved. The bettermethod (i think) is: HASH(HASH(data)), because adds two layer... and have thesame or more security than HASH(data).

The two options differ in speed and security. Doing h(h(m) + m) where his your hash function and m your message, is slow and requires m to bebuffered. It also defeats length extension and partial message attacks,so is considered a relatively complete solution to many inherent hashfunction weaknesses.

Doing h(h(m)) is faster, but you can only claim n/2 bits of security foran otherwise n-bit hash function h. Speed for security is usually a badtradeoff, so I recommend h(h(m) + m) as a better approach. Schneier andFerguson also take this approach in "Practical Cryptography" (WileyPublishing, 2003).

-IK

References:
- Combining Hashes
  - From: Kent Borg
- Re: Combining Hashes
  - From: unmanarc

Prev by Date: [FLSA-2005:2058] Updated cdrtools packages fix a security issue
Next by Date: [FLSA-2005:1945] Updated sox packages fix buffer overflows
Previous by thread: Re: Combining Hashes
Next by thread: Re: Combining Hashes
Index(es):
- Date
- Thread