| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <b841ffed05022013587114cb42@mail.gmail.com> Date: Mon, 21 Feb 2005 08:58:54 +1100 From: Michael Silk <michaelsilk@...il.com> To: bugtraq@...urityfocus.com, exon@...e.se Subject: Re: SHA-1 broken Inline. > -----Original Message----- > From: exon [mailto:exon@...e.se] > Sent: Saturday, 19 February 2005 8:58 PM > To: bugtraq@...urityfocus.com > Subject: Re: SHA-1 broken > > Michael Silk wrote: > > Michael, > > > > But wouldn't it render a login-based hashing system > resistant to the > > current hashing problems if it is implemented something like: > > > > -- > > result = hashFunc1( input + hashFunc2(input) + salt ) > > // > > // instead of > > // > > result = hashFunc1( input + salt ) > > -- > > > > I assume you mean hashFUnc2 inside the parentheses Yes. > No it won't, because if hashFunc2 has collisions the > resulting output will collide in hashFunc1 as well. How? The attackers input is "input". He can only choose to enter a collision for "hashFunc1" _OR_ "hashFunc2". He can't enter a collision for both, but that is what he needs to pass this function with a different string from the original. > The > collision resistance in this case is somewhat less than that > of hashFunc2 (because two different outputs of hashFunc2 > might collide in hashFunc1, Sure, hashFunc2 might give collisions, but it doesn't mean anything unless _THOSE_ collisions are collisions in hashFunc1 that lead to the original hash. > but a > strong hash isn't supposed to depend on the algorithm not being known. Obviously. -- Michael
Powered by blists - more mailing lists