lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Sun, 20 Feb 2005 20:06:29 +0100
From: "Peter J. Holzer" <hjp@....ac.at>
To: bugtraq@...urityfocus.com
Subject: Re: SHA-1 broken

On 2005-02-19 10:58:23 +0100, exon wrote:
> Michael Silk wrote:
> > But wouldn't it render a login-based hashing system resistant to the
> >current hashing problems if it is implemented something like:
> >
> > --
> > result = hashFunc1( input + hashFunc1(input) + salt )
> > //
> > // instead of
> > //
> > result = hashFunc1( input + salt )
> > --
> >
> 
> I assume you mean hashFUnc2 inside the parentheses (I'll refer to it as 
> that anyway, for clarity).

I don't think so. Hashing functions for login (e.g., the BSD/Linux style
MD5-hash) usually call the same hashing function multiple times.


> No it won't, because if hashFunc2 has collisions the resulting output 
> will collide in hashFunc1 as well.

No, it wont. (input1 + hashFunc2(input1)) and (input2 +
hashFunc2(input2)) are still different strings, even if
hashFunc2(input1) and hashFunc2(input2) collide, so you have to find an
input which collides in both hashes (well, not quite), which should be
harder to find than one which collides in only one.


> If you didn't mean hashFunc2 inside the parentheses, you have actually 
> lessened the collision resistance, owing to the possibility that two 
> different outputs might collide as well.

No, because again, (input1 + hashFunc1(input1)) and (input2 +
hashFunc1(input2)) are two different strings, even if hashFunc1(input1)
and hashFunc1(input2) collide, and they must collide as well. 

	hp

-- 
   _  | Peter J. Holzer      | If the code is old but the problem is new
|_|_) | Sysadmin WSR / LUGA  | then the code probably isn't the problem.
| |   | hjp@....ac.at        |
__/   | http://www.hjp.at/   |     -- Tim Bunce on dbi-users, 2004-11-05

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ