Re: Added hashes.

daw@taverner.cs.berkeley.edu (David Wagner) writes:

> Juuso Hukkanen wrote:
> >What I ask is
> >if ONE of the two original hashes is truly perfectly random, so that
> >it can not be improved in anyway, does it then hide the faults in the
> >another hash _PERFECTLY_ if those are combined using modulus addition
> >or XORing.
>
> Unfortunately not. At least in theory, the combination could be far
> worse than either of the constituents. In practice, we would be very
> surprised to see this happen if the two hashes are unrelated, but there
> are no guarantees. I can't prove it won't happen.
>
> Suppose H(x) = F(x) xor G(x), for two hashes F and G.
>
> Example #1: F(x) = G(X) = SHA256(x). Then H(x) = 0 for all x, so
> finding collisions is easy.

I do remember the word 'independent' being mentioned in one of
Juuso's previous posts. It seems to have been dropped from this
most recent one. After it first appeared, I just assumed that
it was to be left in.
 
Phil

-- 
What is it: is man only a blunder of God, or God only a blunder of man?
-- Friedrich Nietzsche (1844-1900), The Twilight of the Gods