I wondered if one could make a logical argument that says, one could use a combination of hashes that have different collision resistances (e.g. SHA1⊕MD5) for each file, extending to any number of hashes to satisfy that the combination is unique for all files...
So I did a little research, and the short answer is NO! It turns out that the combined hash would be no better than the best of the hash functions in the combo: http://crypto.stackexchange.com/questions/270/guarding-against-cryptanalytic-breakthroughs-combining-multiple-hash-functions The Internet is a wonderful thing. On Mon, Feb 27, 2017 at 9:29 AM Bakul Shah <ba...@bitblocks.com> wrote: > My argument is that an archival system that can't store some files, no > matter how they were generated, is not good enough. A hash collision > researcher may have a legitimate reason to store such files. > > On Feb 27, 2017, at 9:07 AM, Charles Forsyth <charles.fors...@gmail.com> > wrote: > > > On 27 February 2017 at 16:47, Charles Forsyth <charles.fors...@gmail.com> > wrote: > > On 27 February 2017 at 15:46, Dave MacFarlane <driu...@gmail.com> wrote: > > Why not skip sha-256 and go directly to Sha3? > > > blake2 has also been suggested > > > also, it's not clear it's urgent for venti. the scam is to make a new > value that produces the same hash as an earlier important value where the > hash plays a part in certifying the value, > or where software uses the shorthand of comparing hashes to compare values > and acts on that without comparing the values. > with venti, the hash is produced as a side-effect of storing a value, and > it also records the value itself. > when the hash is presented, the stored block is returned. the hash itself > is a compact address and doesn't certify the value (ie, nothing that uses > venti assumes that it also certifies the value). > any attempt to store a different value with the same hash will be > detected. using any hash function has a chance of collision (newer, longer > hashes reduce that, but it's rare as it is). > because venti is write-once, no-one can change your venti contents subtly > without access to the storage device, but if they've got access to the > storage they don't need to be subtle. > with the collision-maker and access to the storage device, they can make a > previously certain vac: mean something different, but it still needs raw > access to the device, it can't be done through > the venti protocol. > >
