On Sat, 2005-02-19 at 00:54 -0400, Aaron Mizrachi wrote: > [...] The better > method (i think) is: HASH(HASH(data)), because adds two layer... and have the > same or more security than HASH(data). That's not an improvement. If you can fiddle data so that the inner hash has the same value as before the fiddling, the outer hash remains the same as well -- doesn't give you anything except a false sense of security. Kent's idea was better in that you would have to find common collisions in both algorithms in order to keep both hashes. Regards, Frank
Attachment:
signature.asc
Description: This is a digitally signed message part