* Peter Palfrader <wea...@debian.org>, 2014-07-14, 20:25:
The basic idea is that it's much harder to come up with a
simultaneoush hash collision with both SHA-1 and SHA-2 than breaking
either of them independently.
ISTR reading papers that put this "much harder" into doubt. But I
can't find those references, alas.
You might have had this paper in mind:
https://www.iacr.org/archive/crypto2004/31520306/multicollisions.pdf
Quoting §4: “If F and G are good iterated hash functions with no attack
better than the generic birthday paradox attack, we claim that the hash
function F||G obtained by concatenating F and G is not really more secure
that F or G by itself.”
--
Jakub Wilk
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20140714191714.ga4...@jwilk.net
