sci.crypt archive

Re: Added hashes.

From: Paul Rubin <//phr.cx@NOSPAM.invalid>
Date: Wed Dec 14 2005 - 19:45:21 CET

"John A. Malley" <johnmrcswa@earthlink.net> writes:
> I think that is a step in the right direction for defining independent
> hash functions. Two hash functions are independent (with respect to a
> level of resources defined for an adversary) if the pair cannot be
> distinguished from a pair of random oracles,

Well, ok, but what does that have to do with combining potentially
flawed hash functions? For example, are sha1 and whirlpool
independent? Consider md4 and md5, two hash functions that are maybe
not terrible, but which are now both broken. Can you make a
convincing case that (md4 xor md5) is unbreakable? If not, why should
(sha1 xor whirlpool) be any better?

If you have even one hash function that you're sure can't be
distinguished from a random oracle, you may as well just use it and
not worry about combining it with other hashes.

If you're going to talk about combining independent but imperfect
hashes, your definition of independence has to extend to those hashes.
It can't rely on them being indistinguishable from random oracles.

Note that all the md4/md5/sha-like hashes are easily distinguished
from random oracles because of the message extension property. But
that doesn't make them insecure.
Received on Fri Dec 23 20:10:15 2005
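The message-extension property Rubin mentions in his last paragraph, as an added illustration that is not part of the post: a toy Merkle-Damgård hash (the compression function, block size and state size are constructed stand-ins, not any real algorithm's parameters) lets anyone who knows only H(m) and len(m) predict H(m || pad || suffix), which gives a trivial distinguisher from a random oracle while saying nothing about collision resistance.

```python
import hashlib
import os
import struct
from typing import Callable, Optional, Tuple

BLOCK = 16  # toy block size in bytes (constructed; real MD hashes use 64)
STATE = 16  # toy chaining-state size in bytes (constructed)
IV = b"\x00" * STATE


def compress(state: bytes, block: bytes) -> bytes:
    # Toy compression function: SHA-256 of state||block, truncated to STATE bytes.
    return hashlib.sha256(state + block).digest()[:STATE]


def md_pad(msg_len: int) -> bytes:
    # Merkle-Damgard strengthening: 0x80, zeros, then the 64-bit big-endian bit length.
    pad = b"\x80"
    while (msg_len + len(pad) + 8) % BLOCK:
        pad += b"\x00"
    return pad + struct.pack(">Q", msg_len * 8)


def md_hash(msg: bytes, iv: bytes = IV, total_len: Optional[int] = None) -> bytes:
    """Toy Merkle-Damgard hash; `iv` and `total_len` allow resuming from a known state."""
    data = msg + md_pad(len(msg) if total_len is None else total_len)
    state = iv
    for i in range(0, len(data), BLOCK):
        state = compress(state, data[i:i + BLOCK])
    return state


def extend_digest(digest: bytes, orig_len: int, suffix: bytes) -> Tuple[bytes, bytes]:
    """From H(m) and len(m) only, predict H(m || glue || suffix); m itself is never needed."""
    glue = md_pad(orig_len)  # the padding the hash itself appended to m
    predicted = md_hash(suffix, iv=digest, total_len=orig_len + len(glue) + len(suffix))
    return glue, predicted


_oracle_table = {}


def random_oracle(msg: bytes) -> bytes:
    """Lazily sampled random function: a stand-in for an ideal hash of STATE bytes."""
    return _oracle_table.setdefault(msg, os.urandom(STATE))


def is_length_extendable(H: Callable[[bytes], bytes]) -> bool:
    """Distinguisher: does H(m||glue||s) follow from H(m) and len(m) alone?"""
    m, s = b"constructed message", b"constructed suffix"
    glue, predicted = extend_digest(H(m), len(m), s)
    return H(m + glue + s) == predicted
```

`is_length_extendable(md_hash)` is True and `is_length_extendable(random_oracle)` is False (up to a 2^-128 chance), which is exactly the distinction the post draws; the test says nothing about how hard collisions are for either function.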