Re: Let's shrink Packages.xz

To: debian-devel@lists.debian.org
Subject: Re: Let's shrink Packages.xz
From: Jakub Wilk <jwilk@debian.org>
Date: Mon, 14 Jul 2014 21:17:14 +0200
Message-id: <[🔎] 20140714191714.GA4199@jwilk.net>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 20140714182533.GK626@anguilla.noreply.org>
References: <[🔎] 20140714162547.GA3601@jwilk.net> <[🔎] CANGancvGugOFC2op=y7TZPH2jfdFq0GahnMVOfi+j2N=qtyffQ@mail.gmail.com> <[🔎] 87lhrv3jfq.fsf@windlord.stanford.edu> <[🔎] 20140714182533.GK626@anguilla.noreply.org>

* Peter Palfrader <weasel@debian.org>, 2014-07-14, 20:25:

The basic idea is that it's much harder to come up with asimultaneoush hash collision with both SHA-1 and SHA-2 than breakingeither of them independently.
ISTR reading papers that put this "much harder" into doubt. But Ican't find those references, alas.


You might have had this paper in mind:
https://www.iacr.org/archive/crypto2004/31520306/multicollisions.pdf

Quoting §4: “If F and G are good iterated hash functions with no attackbetter than the generic birthday paradox attack, we claim that the hashfunction F||G obtained by concatenating F and G is not really more securethat F or G by itself.”


--
Jakub Wilk

Reply to:

Follow-Ups:
- Re: Let's shrink Packages.xz
  - From: Russ Allbery <rra@debian.org>
- Re: Let's shrink Packages.xz
  - From: Henrique de Moraes Holschuh <hmh@debian.org>

References:
- Let's shrink Packages.xz
  - From: Jakub Wilk <jwilk@debian.org>
- Re: Let's shrink Packages.xz
  - From: ابراهیم محمدی <mebrahim@gmail.com>
- Re: Let's shrink Packages.xz
  - From: Russ Allbery <rra@debian.org>
- Re: Let's shrink Packages.xz
  - From: Peter Palfrader <weasel@debian.org>

Prev by Date: Re: Let's shrink Packages.xz
Next by Date: Re: Let's shrink Packages.xz
Previous by thread: Re: Let's shrink Packages.xz
Next by thread: Re: Let's shrink Packages.xz
Index(es):
- Date
- Thread