Weaknesses in SHA-1
Thomas Sjögren
thomas at northernsecurity.net
Sat Oct 2 10:46:40 CEST 2004
On Sat, Oct 02, 2004 at 02:56:27AM -0400, Atom 'Smasher' wrote:
> with all this talk of (allegedly!) weak and broken hashes, i'd like to
> throw out a construct to combine 2 or more hashes and (it seems) make the
> construct more secure than either one of the hashes independently: take
> two or more hashes and XOR them.
And this creates what? Neither a sha1 or ripemed verification is
possible.
r = H(H(M))
or
H' = H(M)
H' -> H1,H2
H" = H(H1 xor H2)
r = H(H")
seems to me are better options, the first obviously faster than the
second.
the security improvements? none i guess if you're using anything else
than md5 or sha{0,1}.
/Thomas
--
== Encrypted e-mails preferred | GPG KeyID: 114AA85C
--
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 481 bytes
Desc: Digital signature
Url : /pipermail/attachments/20041002/d74f8ac5/attachment.bin
More information about the Gnupg-users
mailing list