hedging our bets -- in case SHA-256 turns out to be insecure
Sarad AV
jtrjtrjtr2001 at yahoo.com
Wed Nov 11 08:29:09 PST 2009
--- On Wed, 11/11/09, Eugen Leitl <eugen at leitl.org> wrote:
> From: Eugen Leitl <eugen at leitl.org>
> Subject: hedging our bets -- in case SHA-256 turns out to be insecure
> To: info at postbiota.org, cypherpunks at al-qaeda.net
> Date: Wednesday, November 11, 2009, 8:35 PM
> ----- Forwarded message from Zooko Wilcox-O'Hearn <zooko at zooko.com> -----
>
> From: Zooko Wilcox-O'Hearn <zooko at zooko.com>
> Date: Sun, 8 Nov 2009 03:30:47 -0800
> To: Cryptography List <cryptography at metzdowd.com>,
> tahoe-dev at allmydata.org
> Subject: hedging our bets -- in case SHA-256 turns out to be insecure
> X-Mailer: Apple Mail (2.753.1)
>
> Folks:
>
[...]
>
> I propose the following combined hash function C, built out of two
> hash functions H1 and H2:
>
> C(x) = H1(H1(x) || H2(x))
>
Why not use C(x) = H1(x) XOR H2(x) ?
That solves your length of the hash doubling problem and removes the time in
computing the outer hash function.
What is your attack model?
Sarad.
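
The two combiners discussed in this thread, side by side, as an added example that is not part of the original messages. It assumes H1 = SHA-256 and H2 = SHA3-256 (the quoted text does not name H2), and `toy_broken` is a constructed stand-in for a component hash whose collision resistance has failed.

```python
import hashlib
from itertools import count

def h1(x: bytes) -> bytes:   # H1 = SHA-256 (named in the thread subject)
    return hashlib.sha256(x).digest()

def h2(x: bytes) -> bytes:   # H2 = SHA3-256: assumption, the message names no H2
    return hashlib.sha3_256(x).digest()

def nested(f, g, x: bytes) -> bytes:
    """C(x) = H1(H1(x) || H2(x)) with H1 = f and H2 = g."""
    return f(f(x) + g(x))

def xored(f, g, x: bytes) -> bytes:
    """C(x) = H1(x) XOR H2(x); both digests must have the same length."""
    a, b = f(x), g(x)
    if len(a) != len(b):
        raise ValueError("XOR combiner needs equal-length digests")
    return bytes(p ^ q for p, q in zip(a, b))

def toy_broken(x: bytes) -> bytes:
    """Constructed broken hash: only 16 bits of the digest depend on the input."""
    return h2(x)[:2] + bytes(30)

def find_collision(f):
    """Birthday search; feasible only because toy_broken has 16 effective bits."""
    seen = {}
    for i in count():
        m = b"msg-%d" % i
        d = f(m)
        if d in seen:
            return seen[d], m
        seen[d] = m

def demo():
    a, b = find_collision(toy_broken)
    return {
        "lengths": (len(nested(h1, h2, b"x")), len(xored(h1, h2, b"x"))),
        "component_collides": toy_broken(a) == toy_broken(b),
        # One component broken, the other intact: both combiners separate a and b.
        "nested_survives": nested(h1, toy_broken, a) != nested(h1, toy_broken, b),
        "xor_survives": xored(h1, toy_broken, a) != xored(h1, toy_broken, b),
        # Correlated components (H2 identical to H1): XOR cancels to zero.
        "xor_correlated": xored(h1, h1, b"x"),
        "nested_correlated_distinct": nested(h1, h1, b"x") != nested(h1, h1, b"y"),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value.hex() if isinstance(value, bytes) else value)
```

Both combiners return 32 bytes and both survive a collision in one independent component. In the correlated case the XOR output is all zeros for every input, so the XOR form depends on H1 and H2 being unrelated, while the nested form depends on the outer H1 call.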