
Does an internal hash digest in a message strengthen an outer digest?

A message digest is being used to verify that a message is the intended one.

By how much would bundling a hash digest with contents to form the message increase the difficulty of collision and preimage attacks against the message?

For example, to encode:

message = data . hash1(data)
message_hash = hash2(message)

To verify message using message_hash:

check(hash2(message) == message_hash)
data = message[:-digest_size]
check(hash1(data) == message[-digest_size:])

hash1 and hash2 could be completely different types of hash functions.

My reasoning for this was that any attack would have to break both hash functions - faking the outer digest would require constructing a message with a valid inner hash.

Forrest Voight asked Jan 29 '26 05:01


2 Answers

If the outer hash algorithm is broken, the inner hash could help, but you have to consider how likely that scenario is with a well respected algorithm.

If the outer hash is so small that a brute force attack is feasible, the inner hash wouldn't help much at all. Instead of finding a message with the same hash, the attacker would have to find a message plus inner hash with the same outer hash, which pretty much amounts to the same thing.

So make the hash as large as you can, and concentrate on making sure there are no back doors in the rest of your system. 64 bits is probably just about OK unless you are anticipating a government or major corporation taking an interest in breaking your hash.

Martin McBride answered Feb 01 '26 00:02
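Added example, not part of the question or of either answer: the question's encode/verify scheme with the outer digest cut to 16 bits, counting how many tries a brute-force search needs to match the outer digest with and without the inner digest. SHA-256 as hash1, truncated BLAKE2b as hash2, the 16-bit size and all function names are assumptions made here so the search finishes instantly.

```python
import hashlib
import hmac

OUTER_BYTES = 2    # assumption: outer digest truncated to 16 bits
INNER_BYTES = 32   # assumption: SHA-256 stands in for hash1

def hash1(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def hash2(message: bytes) -> bytes:
    # A different function from hash1, truncated to model a too-small outer hash.
    return hashlib.blake2b(message).digest()[:OUTER_BYTES]

def encode(data: bytes):
    message = data + hash1(data)
    return message, hash2(message)

def verify(message: bytes, message_hash: bytes):
    """Return the data if both digests check out, else None."""
    if not hmac.compare_digest(hash2(message), message_hash):
        return None
    data, inner = message[:-INNER_BYTES], message[-INNER_BYTES:]
    return data if hmac.compare_digest(hash1(data), inner) else None

def search(message_hash: bytes, with_inner: bool, limit: int = 2_000_000):
    """Count tries until some other message matches the outer digest."""
    for tries in range(1, limit):
        data = b"constructed-%d" % tries
        # With the inner digest, each candidate just carries its own valid hash1.
        candidate = data + hash1(data) if with_inner else data
        if hash2(candidate) == message_hash:
            return candidate, tries
    return None, limit

def demo():
    original = b"constructed sample data"
    message, message_hash = encode(original)
    _, bare_tries = search(message_hash, with_inner=False)
    forged, inner_tries = search(message_hash, with_inner=True)
    return original, message_hash, forged, bare_tries, inner_tries

if __name__ == "__main__":
    original, message_hash, forged, bare, inner = demo()
    print("outer digest only:", bare, "tries")
    print("with inner digest:", inner, "tries; verifies as", verify(forged, message_hash))
```

Both counts are governed by the 16-bit outer digest (about 2^16 tries expected), because each candidate is built with a matching inner digest before the outer one is tested.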


Your proposal has something that reminds me of HMAC. This is a construction that allows one to create message authentication codes, keyed hashes if you wish.

However, I don't see the point of using 2 hash functions. Pick one of the standard ones that have resisted attacks so far and go with it. If you assume one of them will get broken, why use it in the first place? SHA-2 or any of the final candidates for the SHA3 competition should be fine if you want strong security, more info here: http://ehash.iaik.tugraz.at/wiki/The_SHA-3_Zoo.

AVH answered Feb 01 '26 02:02


