I think Jim McCoy and Jack Lloyd are talking past one another because you're thinking of different "secure hash" properties.
On Apr 28, 2008, at 4:03 PM, Jim McCoy wrote: > [Perhaps I am just misunderstanding your construction, but MD4(x) || > SHA-256(x) is only as strong as MD4, not stronger than SHA-256 > alone...] It depends on what properties you are talking about. Such a combination is at least as strong as the strongest hash for collision- resistance, but probably at least as weak as the weakest one for pre- image resistance. Consider SHAstupid = SHA-256(x) || first_256_bits_of_(x) This has collision resistance even better than SHA-256 has, but its preimage resistance is terrible. Regards, Zooko _______________________________________________ p2p-hackers mailing list [email protected] http://lists.zooko.com/mailman/listinfo/p2p-hackers
