[388] in cryptography@c2.net mail archive
Re: Q: security of 2-barreled hashing
daemon@ATHENA.MIT.EDU (David Wagner)
Wed Mar 19 11:40:46 1997
From: David Wagner <daw@cs.berkeley.edu>
To: munro@ci.com.au (Munro Saunders)
Date: Tue, 18 Mar 1997 22:46:50 -0800 (PST)
Cc: daw@cs.berkeley.edu, cryptography@c2.net, stewarts@ix.netcom.com,
kelsey@email.plnet.net
In-Reply-To: <199703190635.RAA18822@mippet.ci.com.au> from "Munro Saunders" at Mar 19, 97 05:35:18 pm
>
> I imagine that David Wagner may have written:
>
> > In article <199703180010.LAA13700@mippet.ci.com.au>,
> > Munro Saunders <munro@ci.com.au> wrote:
> > > My modification (where "," is concatenation):
> > >
> > > Superhash(M) = ( CRC(M , SHA1(M)) , SHA1(M) )
> > >
> > > Can anyone see anything wrong with this?
> >
> > Yeah. This modification to Bill Stewart's proposal also falls to the
> > same attacks on the original proposal that I posted.
>
> > So your variant is no more secure than Bill Stewart's original proposal.
>
> It's broken. Perhaps not for exactly the same reasons as Bill Stewart
> gives, or maybe I just haven't understood him.
Actually, that was me who broke Bill Stewart's original proposal.
But who's counting.

And I do believe that my attack works on your Superhash(), as
explained in my second email.

But your collision attack is conceptually simpler, yes. I like it.