lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4218FCAB.3040402@hcs.harvard.edu>
Date: Sun, 20 Feb 2005 22:10:03 +0100
From: Ivan Krstic <krstic@....harvard.edu>
To: "Aaron Mizrachi (unmanarc)" <aaron@...acksecurity.com>
Cc: bugtraq@...urityfocus.com
Subject: Re: Combining Hashes


Aaron Mizrachi (unmanarc) wrote:
> I dont recomend something as: HASH(HASH(data)+data) until a research of 
> propietries of that where investigated and mathematical proved. The better 
> method (i think) is: HASH(HASH(data)), because adds two layer... and have the 
> same or more security than HASH(data).

The two options differ in speed and security. Doing h(h(m) + m) where h 
is your hash function and m your message, is slow and requires m to be 
buffered. It also defeats length extension and partial message attacks, 
so is considered a relatively complete solution to many inherent hash 
function weaknesses.

Doing h(h(m)) is faster, but you can only claim n/2 bits of security for 
an otherwise n-bit hash function h. Speed for security is usually a bad 
tradeoff, so I recommend h(h(m) + m) as a better approach. Schneier and 
Ferguson also take this approach in "Practical Cryptography" (Wiley 
Publishing, 2003).

-IK

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ