Network Security: Detailed info on Re: Combining Hashes

Subject:	Re: Combining Hashes
Date:	Sun, 20 Feb 2005 22:10:03 +0100

Aaron Mizrachi (unmanarc) wrote:

I dont recomend something as: HASH(HASH(data)+data) until a research of propietries of that where investigated and mathematical proved. The better method (i think) is: HASH(HASH(data)), because adds two layer... and have the same or more security than HASH(data).

The two options differ in speed and security. Doing h(h(m) + m) where h is your hash function and m your message, is slow and requires m to be buffered. It also defeats length extension and partial message attacks, so is considered a relatively complete solution to many inherent hash function weaknesses.

Doing h(h(m)) is faster, but you can only claim n/2 bits of security for an otherwise n-bit hash function h. Speed for security is usually a bad tradeoff, so I recommend h(h(m) + m) as a better approach. Schneier and Ferguson also take this approach in "Practical Cryptography" (Wiley Publishing, 2003).

-IK

<Prev in Thread]	Current Thread	[Next in Thread>
Combining Hashes, Kent Borg Re: Combining Hashes, unmanarc Re: Combining Hashes, Ivan Krstic <= Re: Combining Hashes, Frank Knobbe Re: [lists] Combining Hashes, Elliott Bäck Re: Combining Hashes, Felix Cuello Re: Combining Hashes, Joel Maslak Re: Combining Hashes, exon

Previous by Date:	Windows Firewall Has A Backdoor, Jay Calvert
Next by Date:	Re: SHA-1 broken, Michael Silk
Previous by Thread:	Re: Combining Hashes, unmanarc
Next by Thread:	Re: Combining Hashes, Frank Knobbe
Indexes:	[Date] [Thread] [Top] [All Lists]