Inline.

> -----Original Message-----
> From: exon [mailto:exon@xxxxxxx]
> Sent: Saturday, 19 February 2005 8:58 PM
> To: bugtraq@xxxxxxxxxxxxxxxxx
> Subject: Re: SHA-1 broken
>
> Michael Silk wrote:
> > Michael,
> >
> > But wouldn't it render a login-based hashing system resistant to the
> > current hashing problems if it is implemented something like:
> >
> > --
> > result = hashFunc1( input + hashFunc2(input) + salt )
> > //
> > // instead of
> > //
> > result = hashFunc1( input + salt )
> > --
> >
>
> I assume you mean hashFunc2 inside the parentheses

Yes.

> No it won't, because if hashFunc2 has collisions the
> resulting output will collide in hashFunc1 as well.

How? The attacker's input is "input". He can only choose to enter a
collision for "hashFunc1" _OR_ "hashFunc2". He can't enter a collision
for both, but that is what he needs to pass this function with a
different string from the original.

> The
> collision resistance in this case is somewhat less than that
> of hashFunc2 (because two different outputs of hashFunc2
> might collide in hashFunc1,

Sure, hashFunc2 might give collisions, but it doesn't mean anything
unless _THOSE_ collisions are collisions in hashFunc1 that lead to the
original hash.

> but a
> strong hash isn't supposed to depend on the algorithm not being known.

Obviously.

-- Michael
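The construction debated in this message, as an added example that is not part of the original thread: it finds a collision in a deliberately weak inner hash and checks whether that collision carries through the outer hash. The stand-in hash functions (SHA-1 truncated to 16 bits, SHA-256), the `inner_only` contrast variant, the salt and the candidate inputs are all assumptions constructed for illustration.

```python
import hashlib
from itertools import count

SALT = b"constructed-salt"  # constructed sample value


def hash_func2(data: bytes) -> bytes:
    # Deliberately weak stand-in for hashFunc2: SHA-1 cut to 16 bits,
    # so a collision turns up after a few hundred candidates.
    return hashlib.sha1(data).digest()[:2]


def hash_func1(data: bytes) -> bytes:
    # Stand-in for hashFunc1, assumed collision resistant for this demo.
    return hashlib.sha256(data).digest()


def combined(inp: bytes, salt: bytes) -> bytes:
    # The thread's construction: hashFunc1(input + hashFunc2(input) + salt)
    return hash_func1(inp + hash_func2(inp) + salt)


def inner_only(inp: bytes, salt: bytes) -> bytes:
    # Contrast variant (not from the thread): the raw input is left out
    # of the outer hash, so only the inner digest reaches hashFunc1.
    return hash_func1(hash_func2(inp) + salt)


def find_inner_collision() -> tuple:
    # Birthday search over constructed inputs pw-0, pw-1, ... until two
    # distinct inputs share the same hash_func2 value.
    seen = {}
    for i in count():
        candidate = b"pw-%d" % i
        digest = hash_func2(candidate)
        if digest in seen:
            return seen[digest], candidate
        seen[digest] = candidate


if __name__ == "__main__":
    a, b = find_inner_collision()
    print("inner collision:", a, b, hash_func2(a).hex())
    print("combined digests equal:", combined(a, SALT) == combined(b, SALT))
    print("inner_only digests equal:", inner_only(a, SALT) == inner_only(b, SALT))
```

With the raw input inside the outer hash, the two colliding inputs still feed different byte strings to hashFunc1; only the variant that hashes the inner digest alone inherits the inner collision.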