On Wed, Mar 16, 2005 at 10:30:08AM -0800, Tom Lord wrote:
>
> The "combination" of two hash functions is itself a single hash function.
>
> So, arguments of the form "two are better than one", if mathematically
> based, aim for the conclusion that nothing short of an infinite amount
> of hashing code in core arch will be enough.

The specific advantage of two (way back when we actually designed this
years ago) is this:

Any given hashing function will inevitably be broken. When it is
broken, there will be a period of vulnerability between the time when
somebody breaks it and the time when it is no longer accepted by the
code. This is guaranteed to occur.

With two hashes, the two periods for them must *overlap* for there to
be a vulnerable period. This is unlikely to occur.

Adding more than two hashes merely reduces the probability, with
diminishing returns. Having two reduces it from 'certain' to 'probably
not'.

(This is, of course, in the specific case of an intelligent user who
reacts reasonably quickly to security advisories. Security for morons,
isn't)

-- 
  .''`.  ** Debian GNU/Linux ** | Andrew Suffield
 : :' :  http://www.debian.org/ |
 `. `'                          |
   `-             -><-          |
_______________________________________________
Gnu-arch-users mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/gnu-arch-users

GNU arch home page:
http://savannah.gnu.org/projects/gnu-arch/
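
The argument in the message above, as an added example that is not part of the original post and is not GNU arch code: a verifier that records two digests per artifact and accepts only when every digest it still trusts matches. `weak8` is a constructed stand-in for a hash that has been broken, and `verify`, `record`, `retired` and the sample data are assumed names and values.

```python
import hashlib

def weak8(data: bytes) -> str:
    # Constructed stand-in for a hash that has been broken: byte sum mod 256,
    # so any reordering of the input collides.
    return format(sum(data) % 256, "02x")

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

ALGORITHMS = {"weak8": weak8, "sha256": sha256}

def verify(data, recorded, retired=frozenset()):
    """Accept only if every recorded digest that is still accepted matches.

    `retired` models algorithms the code no longer accepts after an advisory.
    With nothing trusted left to check, the answer is a refusal, not a pass.
    """
    trusted = {name: digest for name, digest in recorded.items()
               if name in ALGORITHMS and name not in retired}
    if not trusted:
        return False
    return all(ALGORITHMS[name](data) == digest
               for name, digest in trusted.items())

def record(data, names):
    # Digests stored alongside the artifact when it is archived.
    return {name: ALGORITHMS[name](data) for name in names}

def demo():
    original = b"patch-42: tighten bounds check"   # constructed sample
    forged = original[::-1]                         # same byte sum, other content
    one = record(original, ["weak8"])
    two = record(original, ["weak8", "sha256"])
    return {
        # weak8 is broken but still accepted: the vulnerable window.
        "single_hash_accepts_forgery": verify(forged, one),
        "dual_hash_accepts_forgery": verify(forged, two),
        # After the advisory weak8 is retired; sha256 alone carries the check.
        "dual_after_retire_accepts_original": verify(original, two, {"weak8"}),
        "dual_after_retire_accepts_forgery": verify(forged, two, {"weak8"}),
        "single_after_retire_accepts_original": verify(original, one, {"weak8"}),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The last case shows the cost on the single-hash side: once its only algorithm is retired, even the genuine artifact can no longer be verified.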
