<<< Date Index >>>     <<< Thread Index >>>

Re: Combining Hashes



On Sat, 2005-02-19 at 00:54 -0400, Aaron Mizrachi wrote:
> [...] The better 
> method (i think) is: HASH(HASH(data)), because adds two layer... and have the 
> same or more security than HASH(data). 

That's not an improvement. If you can fiddle data so that the inner hash
has the same value as before the fiddling, the outer hash remains the
same as well -- doesn't give you anything except a false sense of
security. Kent's idea was better in that you would have to find common
collisions in both algorithms in order to keep both hashes. 

Regards,
Frank
 

Attachment: signature.asc
Description: This is a digitally signed message part