-----Original Message-----
From: exon [mailto:exon@xxxxxxx]
Sent: Saturday, 19 February 2005 8:58 PM
To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: SHA-1 broken
Michael Silk wrote:
Michael,
But wouldn't it render a login-based hashing system
resistant to the
current hashing problems if it is implemented something like:
--
result = hashFunc1( input + hashFunc2(input) + salt )
//
// instead of
//
result = hashFunc1( input + salt )
--
I assume you mean hashFUnc2 inside the parentheses
Yes.
No it won't, because if hashFunc2 has collisions the
resulting output will collide in hashFunc1 as well.
How?
The attackers input is "input". He can only choose to enter a
collision for "hashFunc1" _OR_ "hashFunc2". He can't enter a
collision for both, but that is what he needs to pass this
function with a different string from the original.
The
collision resistance in this case is somewhat less than that
of hashFunc2 (because two different outputs of hashFunc2
might collide in hashFunc1,
Sure, hashFunc2 might give collisions, but it doesn't mean anything
unless _THOSE_ collisions are collisions in hashFunc1 that lead to the
original hash.