hedging our bets -- in case SHA-256 turns out to be insecure

Sarad AV jtrjtrjtr2001 at yahoo.com
Wed Nov 11 08:29:09 PST 2009


--- On Wed, 11/11/09, Eugen Leitl <eugen at leitl.org> wrote:

> From: Eugen Leitl <eugen at leitl.org>
> Subject: hedging our bets -- in case SHA-256 turns out to be insecure
> To: info at postbiota.org, cypherpunks at al-qaeda.net
> Date: Wednesday, November 11, 2009, 8:35 PM
> ----- Forwarded message from Zooko Wilcox-O'Hearn <zooko at zooko.com> -----
>
> From: Zooko Wilcox-O'Hearn <zooko at zooko.com>
> Date: Sun, 8 Nov 2009 03:30:47 -0800
> To: Cryptography List <cryptography at metzdowd.com>,
> tahoe-dev at allmydata.org
> Subject: hedging our bets -- in case SHA-256 turns out to be insecure
> X-Mailer: Apple Mail (2.753.1)
>
> Folks:
>

[...]

>
> I propose the following combined hash function C, built out of two
> hash functions H1 and H2:
>
> C(x) = H1(H1(x) || H2(x))
>


Why not use C(x) = H1(x) XOR H2(x)?

That solves your length of the hash doubling problem and removes the time in
computing the outer hash function.

What is your attack model?

Sarad.
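
The two combiners from this message side by side, as an added example that is not part of the original post. It assumes SHA3-256 for H2 (the message names no H2); `weak`, `correlated_h2` and the sample messages are constructed for illustration, to show how each combiner behaves when H2 is not independent of H1.

```python
import hashlib

def h1(data: bytes) -> bytes:
    """H1: SHA-256, the function named in the thread's subject."""
    return hashlib.sha256(data).digest()

def h2(data: bytes) -> bytes:
    """H2: SHA3-256 (assumption; the message does not name H2)."""
    return hashlib.sha3_256(data).digest()

def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("XOR combiner needs equal-length digests")
    return bytes(p ^ q for p, q in zip(a, b))

def nested_combiner(x: bytes, H1=h1, H2=h2) -> bytes:
    """C(x) = H1(H1(x) || H2(x)): three hash calls, one H1-sized digest."""
    return H1(H1(x) + H2(x))

def xor_combiner(x: bytes, H1=h1, H2=h2) -> bytes:
    """C(x) = H1(x) XOR H2(x): two hash calls, no outer hash."""
    return xor_bytes(H1(x), H2(x))

def weak(data: bytes) -> bytes:
    """Constructed 32-byte function that depends only on the first byte."""
    return hashlib.sha256(data[:1]).digest()

def correlated_h2(data: bytes) -> bytes:
    """Constructed H2 = H1 XOR weak: not independent of H1."""
    return xor_bytes(h1(data), weak(data))

# Constructed sample inputs sharing a first byte.
M1 = b"pay alice 10"
M2 = b"pay mallory 9000"

def compare(H2=h2) -> dict:
    """Report whether M1 and M2 collide under each combiner for a given H2."""
    return {
        "h2_collides": H2(M1) == H2(M2),
        "xor_collides": xor_combiner(M1, H2=H2) == xor_combiner(M2, H2=H2),
        "nested_collides": nested_combiner(M1, H2=H2) == nested_combiner(M2, H2=H2),
    }

if __name__ == "__main__":
    print("independent H2:", compare())
    print("correlated H2: ", compare(correlated_h2))
```

With the constructed `correlated_h2`, the XOR output reduces to `weak(x)`, so M1 and M2 collide under XOR although neither H1 nor H2 collides on them, while the nested form still yields distinct digests.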




