--- On Wed, 11/11/09, Eugen Leitl

From: Eugen Leitl
Subject: hedging our bets -- in case SHA-256 turns out to be insecure
To: info@postbiota.org, cypherpunks@al-qaeda.net
Date: Wednesday, November 11, 2009, 8:35 PM

----- Forwarded message from Zooko Wilcox-O'Hearn -----

From: Zooko Wilcox-O'Hearn
Date: Sun, 8 Nov 2009 03:30:47 -0800
To: Cryptography List, tahoe-dev@allmydata.org
Subject: hedging our bets -- in case SHA-256 turns out to be insecure
X-Mailer: Apple Mail (2.753.1)

Folks:
[...]
I propose the following combined hash function C, built out of two hash functions H1 and H2:
C(x) = H1(H1(x) || H2(x))
Why not use C(x) = H1(x) XOR H2(x)? That solves your length of the hash doubling problem and removes the time in computing the outer hash function. What is your attack model?

Sarad.
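An added example, not code from either poster, contrasting the two combiners discussed in this thread. A collision in the nested form needs either a simultaneous collision in H1 and H2 or a collision in the outer H1 call, while the XOR form also depends on H1 and H2 being unrelated. Assumptions: H1 is SHA-256, the independent H2 is BLAKE2b-256, and `h2_correlated` is a hash constructed here purely to show the dependence.

```python
import hashlib

def h1(x: bytes) -> bytes:
    """H1: SHA-256 (assumed choice; the thread's subject names SHA-256)."""
    return hashlib.sha256(x).digest()

def h2_independent(x: bytes) -> bytes:
    """H2: BLAKE2b truncated to 32 bytes (assumed stand-in for a second hash)."""
    return hashlib.blake2b(x, digest_size=32).digest()

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(a, b))

def weak(x: bytes) -> bytes:
    """Depends only on len(x), so any two equal-length inputs collide."""
    return len(x).to_bytes(32, "big")

def h2_correlated(x: bytes) -> bytes:
    """Constructed H2 = H1(x) XOR weak(x).

    For equal-length inputs a collision here is exactly a SHA-256 collision,
    so the function is not trivially broken on its own, but it is related to H1.
    """
    return xor_bytes(h1(x), weak(x))

def nested_combiner(x: bytes, H1, H2) -> bytes:
    """C(x) = H1(H1(x) || H2(x)), the form proposed in the forwarded message."""
    return H1(H1(x) + H2(x))

def xor_combiner(x: bytes, H1, H2) -> bytes:
    """C(x) = H1(x) XOR H2(x), the form suggested in the reply."""
    return xor_bytes(H1(x), H2(x))

if __name__ == "__main__":
    a, b = b"message one", b"message two"  # constructed, equal-length inputs
    for name, H2 in (("independent", h2_independent), ("correlated", h2_correlated)):
        x_same = xor_combiner(a, h1, H2) == xor_combiner(b, h1, H2)
        n_same = nested_combiner(a, h1, H2) == nested_combiner(b, h1, H2)
        print(f"H2 {name}: XOR collides={x_same}, nested collides={n_same}")
```

With the correlated H2 the SHA-256 terms cancel under XOR and only `weak(x)` remains, so the XOR output collides for every pair of equal-length messages while the nested output does not.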