Timeline for Guarding against cryptanalytic breakthroughs: combining multiple hash functions
Current License: CC BY-SA 3.0
7 events
| when | what | | by | license | comment |
|---|---|---|---|---|---|
| S May 28, 2016 at 13:05 | history | suggested | wythagoras | CC BY-SA 3.0 | use of MathJax |
| May 28, 2016 at 12:04 | review | Suggested edits | | | |
| S May 28, 2016 at 13:05 | | | | | |
| Dec 14, 2013 at 16:32 | comment | added | Arno Mittelbach | | Multicollisions are based on collisions in the compression function as Paulo points out. If you have some of those, you can exploit the iterated structure (mostly Merkle-Damgaard) of the hash function. This has nothing to do, however, with the concatenation combiner $H_1(m)\|H_2(m)$. |
| Oct 23, 2013 at 19:08 | history | edited | B-Con | CC BY-SA 3.0 | Corrected dead link, inserted paper title. |
| Jul 29, 2011 at 18:07 | comment | added | Paŭlo Ebermann | | It looks like the attacks described here all work from a collision in the compressing function to generate multi-attacks on long messages by selecting the right blocks for individual messages. They don't really apply on short messages (about hash output size or such), or messages of some fixed format (without enough space to insert random collisions), I think. |
| Jul 29, 2011 at 17:56 | comment | added | Paŭlo Ebermann | | In fact, I was content with having resistance(combination) = max(resistance(H1), resistance(H2)), for all useful values of resistance (preimage, collision, second-preimage). |
| Jul 29, 2011 at 16:11 | history | answered | PulpSpy | CC BY-SA 3.0 | |