Chinese Prof Cracks SHA-1 Data Encryption Scheme

randombit Re:Old (416 comments)

Probably? I'll grant you that the output of SHA-512 is going to be longer than combining several small hashes, but I don't intuitively see that it's necessarily more secure.

See Joux's work on multicollision attacks. While it was thought (before he developed this attack) that taking a (secure) N-bit hash and a (secure) M-bit hash and concatenating the outputs was equivalent to a secure (N+M)-bit hash, it turns out this is not the case - it's more like a max(N,M)-bit hash, for (some) security purposes, such as collision resistance.

It's not intuitive, though - at least not until after you see the attack. We had been designing and using hashes based on the Miyaguchi-Preneel and Davies-Meyer methods for well over a decade before Joux noticed the problem.

about 8 years ago
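Added example, not part of the original comment: the multicollision construction the comment refers to, run against the concatenation of two toy iterated hashes. The hashes `F` (16-bit) and `G` (20-bit), the block size and the chain length `k` are constructed toy parameters; both compression functions are truncated SHA-256 so the search finishes in well under a second.

```python
import hashlib
from itertools import count, product

BLOCK = 4  # bytes per message block (constructed toy parameter)

def compress(tag, bits, state, block):
    """Toy compression function: SHA-256 truncated to `bits` bits."""
    d = hashlib.sha256(tag + state.to_bytes(4, "big") + block).digest()
    return int.from_bytes(d[:4], "big") >> (32 - bits)

def md_hash(tag, bits, blocks, state=0):
    """Iterated hash over a list of blocks (no padding: all inputs here
    have the same length, so length strengthening would not change anything)."""
    for b in blocks:
        state = compress(tag, bits, state, b)
    return state

def one_block_collision(tag, bits, state):
    """Birthday search: two distinct blocks that collide from `state`."""
    seen = {}
    for i in count():
        b = i.to_bytes(BLOCK, "big")
        out = compress(tag, bits, state, b)
        if out in seen:
            return seen[out], b, out
        seen[out] = b

def joux_concat_collision(n_bits=16, m_bits=20, k=13):
    """Find two messages that collide under both F and G, i.e. under F||G."""
    state, pairs = 0, []
    for _ in range(k):  # k chained collisions give 2**k messages with equal F
        b0, b1, state = one_block_collision(b"F", n_bits, state)
        pairs.append((b0, b1))
    seen = {}
    for choice in product(*pairs):  # birthday search on G inside that set
        g = md_hash(b"G", m_bits, choice)
        if g in seen:
            return list(seen[g]), list(choice)
        seen[g] = choice
    return None

if __name__ == "__main__":
    m1, m2 = joux_concat_collision()
    print(b"".join(m1).hex(), b"".join(m2).hex())
```

The work is `k` birthday searches on `F` plus one pass over at most `2**k` candidates for `G`, rather than a birthday search on the full 36-bit concatenated output.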

