Weaknesses in SHA-1

Per Tunedal Casual pt at radvis.nu
Sun Oct 3 20:09:33 CEST 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 10:46 2004-10-02, you wrote:
 >``--------------------------------------------------------------------
 >---On
 >Sat, Oct 02, 2004 at 02:56:27AM -0400, Atom 'Smasher' wrote:
 >> with all this talk of (allegedly!) weak and broken hashes, i'd like
 >> to
 >> throw out a construct to combine 2 or more hashes and (it seems)
 >> make the
 >> construct more secure than either one of the hashes independently:
 >> take
 >> two or more hashes and XOR them.
 >
 >And this creates what? Neither a sha1 or ripemed verification is
 >possible.
 >
 >r = H(H(M))
 >
 >or
 >
 >H' = H(M)
 >H' -> H1,H2
 >H" = H(H1 xor H2)
 >r = H(H")
 >
 >seems to me are better options, the first obviously faster than the
 >second.
 >the security improvements? none i guess if you're using anything else
 >than md5 or sha{0,1}.
 >
 >/Thomas
 >--
Would you please supply a legend? I cannot interpret your mail.
Per Tunedal
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)

iD8DBQFBYEBWaDDfzFT+2PIRAivPAJ4vsL6smPnIpNi3JtVEBj1Ji6xv9gCgmx4x
xCf8H59B9DqrK6rlvAaRXAc=
=TaZ4
-----END PGP SIGNATURE-----





More information about the Gnupg-users mailing list