Propping up SHA-1 (or MD5)

Florian Weimer fw at
Wed Mar 23 11:35:50 EST 2005

* Ben Laurie:

> Musing on these points, I wondered about the construction:
> H'(x)=H(H(x) || H(H(x) || x))
> which doesn't allow an attacker any choice, doesn't change APIs

Unfortunately, it does, in a rather fundamental way: streamed
processing is no longer possible.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list