Combining HashesFeb 18 2005 03:24PM Kent Borg (kentborg borg org) (4 replies)
Concatenating two different hashes, for example SHA-1 and MD5,
apparently does not add as much security as one might hope.
What about more complicated compositions? For example, a reader
comment posted on Bruce Schneier's blog
(http://www.schneier.com/blog/archives/2005/02/sha1_broken.html)
suggests the following:
d1=SHA-1(data)
d2=MD5(data)
d3=SHA-1(d1+data+d2)
The final digest would be d1+d2+d3
(where "+" is concatenation)
I admit I don't know why this might be significantly better than
d1+d2, I was hoping someone here would.
apparently does not add as much security as one might hope.
What about more complicated compositions? For example, a reader
comment posted on Bruce Schneier's blog
(http://www.schneier.com/blog/archives/2005/02/sha1_broken.html)
suggests the following:
d1=SHA-1(data)
d2=MD5(data)
d3=SHA-1(d1+data+d2)
The final digest would be d1+d2+d3
(where "+" is concatenation)
I admit I don't know why this might be significantly better than
d1+d2, I was hoping someone here would.
-kb
[ reply ]