Re: Let's shrink Packages.xz
* Peter Palfrader <weasel@debian.org>, 2014-07-14, 20:25:
The basic idea is that it's much harder to come up with a
simultaneoush hash collision with both SHA-1 and SHA-2 than breaking
either of them independently.
ISTR reading papers that put this "much harder" into doubt. But I
can't find those references, alas.
You might have had this paper in mind:
https://www.iacr.org/archive/crypto2004/31520306/multicollisions.pdf
Quoting §4: “If F and G are good iterated hash functions with no attack
better than the generic birthday paradox attack, we claim that the hash
function F||G obtained by concatenating F and G is not really more secure
that F or G by itself.”
--
Jakub Wilk
Reply to: