[Cryptography] BLAKE2: "Harder, Better, Faster, Stronger" Than MD5

[Bill Frantz]

On 3/24/14 at 11:09 AM, leichter at lrw.com (Jerry Leichter) wrote:

>There's a paper we mentioned here quite a way back that showed 
>that if you're looking for collision resistance, using multiple 
>hashes in parallel - i.e., compute and all k hashes and 
>concatenate to produce a "super hash" - is only minimally 
>stronger than the strongest of the hashes you started with.  
>(The paper proves this counter-intuitive result based on the - 
>counterintuitive - ease of finding multi-collisions once you 
>can find collisions.)

The reason here for combining algorithms is not to get something 
better than any of them, but rather to have protection against a 
serious break in one of them. Pick two (or more) algorithms each 
of which is strong enough for the application. Make sure they 
are built on different principles if you can. Combine the 
outputs. Now if one is broken, you still have the protection of 
the other.

BTW, this paper talks of concatenates the outputs of the hashes 
because it is trying for additional strength. If we just want, 
"As strong as the best of the bunch", can we XOR instead of 
concatenating? The result is more likely to fit in with existing 
protocols and will be cheaper to transmit on the wire.

Cheers - Bill

-------------------------------------------------------------------------
Bill Frantz        | Re: Hardware Management Modes: | Periwinkle
(408)356-8506      | If there's a mode, there's a   | 16345 
Englewood Ave
www.pwpconsult.com | failure mode. - Jerry Leichter | Los Gatos, 
CA 95032