[Cryptography] BLAKE2: "Harder, Better, Faster, Stronger" Than MD5
Bill Frantz
frantz at pwpconsult.com
Mon Mar 24 21:38:50 EDT 2014
On 3/24/14 at 11:09 AM, leichter at lrw.com (Jerry Leichter) wrote:
>There's a paper we mentioned here quite a way back that showed
>that if you're looking for collision resistance, using multiple
>hashes in parallel - i.e., compute and all k hashes and
>concatenate to produce a "super hash" - is only minimally
>stronger than the strongest of the hashes you started with.
>(The paper proves this counter-intuitive result based on the -
>counterintuitive - ease of finding multi-collisions once you
>can find collisions.)
The reason here for combining algorithms is not to get something
better than any of them, but rather to have protection against a
serious break in one of them. Pick two (or more) algorithms each
of which is strong enough for the application. Make sure they
are built on different principles if you can. Combine the
outputs. Now if one is broken, you still have the protection of
the other.
BTW, this paper talks of concatenates the outputs of the hashes
because it is trying for additional strength. If we just want,
"As strong as the best of the bunch", can we XOR instead of
concatenating? The result is more likely to fit in with existing
protocols and will be cheaper to transmit on the wire.
Cheers - Bill
-------------------------------------------------------------------------
Bill Frantz | Re: Hardware Management Modes: | Periwinkle
(408)356-8506 | If there's a mode, there's a | 16345
Englewood Ave
www.pwpconsult.com | failure mode. - Jerry Leichter | Los Gatos,
CA 95032
More information about the cryptography
mailing list