Re: SHA-1 broken

To: bugtraq@xxxxxxxxxxxxxxxxx, exon@xxxxxxx
Subject: Re: SHA-1 broken
From: Michael Silk <michaelsilk@xxxxxxxxx>
Date: Mon, 21 Feb 2005 08:58:54 +1100
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding; b=iAkXFMhcW9gg/dbkQPQiRG/ZgO3cmo9XbDc5mzEU6d2lPmjJQ4AeEF+kVObbqktuWn8Hur8T+0M2wg46lb5mIIEkdaPSh4GOAt8PzawD2wjf2980WHxZtagN4CIPmcOFMsddCjC+HKx3JtB3g2B+jnqyiqcYKG0U4djmS5mVtEg=
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Reply-to: Michael Silk <michaelsilk@xxxxxxxxx>

Inline. 

> -----Original Message-----
> From: exon [mailto:exon@xxxxxxx] 
> Sent: Saturday, 19 February 2005 8:58 PM
> To: bugtraq@xxxxxxxxxxxxxxxxx
> Subject: Re: SHA-1 broken
> 
> Michael Silk wrote:
> > Michael,
> > 
> >  But wouldn't it render a login-based hashing system 
> resistant to the 
> > current hashing problems if it is implemented something like:
> > 
> >  --
> >  result = hashFunc1( input + hashFunc2(input) + salt ) 
> > // 
> > // instead of
> > //
> > result = hashFunc1( input + salt )
> >  --
> > 
> 
> I assume you mean hashFUnc2 inside the parentheses 

Yes.

> No it won't, because if hashFunc2 has collisions the 
> resulting output will collide in hashFunc1 as well. 

How?

The attackers input is "input". He can only choose to enter a
collision for "hashFunc1" _OR_ "hashFunc2". He can't enter a
collision for both, but that is what he needs to pass this
function with a different string from the original.

> The 
> collision resistance in this case is somewhat less than that 
> of hashFunc2 (because two different outputs of hashFunc2 
> might collide in hashFunc1, 

Sure, hashFunc2 might give collisions, but it doesn't mean anything
unless _THOSE_ collisions are collisions in hashFunc1 that lead to the
original hash.

> but a 
> strong hash isn't supposed to depend on the algorithm not being known.

Obviously.

-- Michael

Follow-Ups:
- Re: SHA-1 broken
  - From: exon

Prev by Date: Re: Joint encryption?
Next by Date: RE: Joint encryption?
Previous by thread: Re: SHA-1 broken
Next by thread: Re: SHA-1 broken
Index(es):
- Date
- Thread