On Dec 2, 2007 12:55 AM, Toby Thain <<a href="mailto:email@example.com">firstname.lastname@example.org</a>> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
My point was that any *single* hash might one day be shown vulnerable<br>to a similar technique, but using two together (as is sometimes<br>already done) should be much more resistant?<br></blockquote></div><br>As A. Joux presents in "Multicollisions in Iterated Hash Functions. Application to Cascaded Constructions"
<a href="http://www.springerlink.com/content/dwwvmqju0n0a3ugj/">http://www.springerlink.com/content/dwwvmqju0n0a3ugj/</a> this approach might be far less effective than one might think.<br><br>Just found this thread which tries to explain it a bit:
<a href="https://lists.ubuntu.com/archives/bazaar/2007q1/021478.html">https://lists.ubuntu.com/archives/bazaar/2007q1/021478.html</a>. If you google you can find more and maybe better links which say that, yes, combining two hashes (md5 + sha1) improves the hash quality but not as much as if you used a good hash (sha256) from the beginning. Besides that, using two hash functions makes everything much more complex.
<br>And no, I am neither able to follow the math completely.<br><br>Some time ago I drew one conclusion for myself: I am no cryptography expert therefore I have to strictly adhere to the paths real cryptography experts have built. I should not draw my own conclusions. And one of the reversal conclusions: Even if I was a cryptography expert I should wait for other crypto experts to validate my new paths before I may follow them. Your mileage may vary.