The "combination" of two hash functions is itself a single hash function.
So, arguments of the form "two are better than one", if mathematically based, aim for the conclusion that nothing short of an infinite amount of hashing code in core arch will be enough.
It's not mathmatically based. It's pragmatic. It means that when one hash is broken, you have a window of opportunity to replace the broken hash with an unbroken one. You are not vulnerable until both hashes are broken, so unless both hashes are broken before you replace one of them, you will never be vulnerable.
Aaron -- Aaron Bentley Director of Technology Panometrics, Inc.
_______________________________________________ Gnu-arch-users mailing list [email protected] http://lists.gnu.org/mailman/listinfo/gnu-arch-users
GNU arch home page: http://savannah.gnu.org/projects/gnu-arch/
