Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Cryptographic hash function
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
== Concatenation == [[Concatenation|Concatenating]] outputs from multiple hash functions provide collision resistance as good as the strongest of the algorithms included in the concatenated result.{{Citation needed|date=May 2016}} For example, older versions of [[Transport Layer Security|Transport Layer Security (TLS) and Secure Sockets Layer (SSL)]] used concatenated [[MD5]] and [[SHA-1]] sums.{{sfn|Mendel|Rechberger|Schläffer|2009|p=145|ps= :Concatenating ... is often used by implementors to "hedge bets" on hash functions. A combiner of the form MD5|SHA-1 as used in SSL3.0/TLS1.0 ... is an example of such a strategy.}}{{sfn|Harnik|Kilian|Naor|Reingold|2005|p=99|ps=: the concatenation of hash functions as suggested in the TLS... is guaranteed to be as secure as the candidate that remains secure.}} This ensures that a method to find collisions in one of the hash functions does not defeat data protected by both hash functions.{{Citation needed|date=May 2016}} For [[Merkle–Damgård construction]] hash functions, the concatenated function is as collision-resistant as its strongest component, but not more collision-resistant.{{Citation needed|date=May 2016}} [[Antoine Joux]] observed that 2-collisions lead to {{math|''n''}}-collisions: if it is feasible for an attacker to find two messages with the same MD5 hash, then they can find as many additional messages with that same MD5 hash as they desire, with no greater difficulty.{{sfn|Joux|2004}} Among those {{math|''n''}} messages with the same MD5 hash, there is likely to be a collision in SHA-1. The additional work needed to find the SHA-1 collision (beyond the exponential birthday search) requires only [[polynomial time]].<ref name="urlGmane">{{cite web |url=http://article.gmane.org/gmane.comp.encryption.general/5154 |title=More Problems with Hash Functions |first=Hal |last=Finney |author-link=Hal Finney (computer scientist) |date=August 20, 2004 |work=The Cryptography Mailing List |access-date=May 25, 2016 |archive-url=https://web.archive.org/web/20160409095104/http://article.gmane.org/gmane.comp.encryption.general/5154 |archive-date=April 9, 2016 |url-status=dead}}</ref>{{sfn|Hoch|Shamir|2008|pp=616–630}}
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)