Comment Re:Old (Score 1) 416
Probably? I'll grant you that the output of SHA-512 is going to be longer than combining several small hashes, but I don't intuitively see that it's necessarily more secure.
See Joux's work on multicollision attacks. While it was thought (before he developed this attack) that taking a (secure) N-bit hash and a (secure) M-bit hash and concatenating the outputs was equivalent to a secure (N+M)-bit hash, it turns out this is not the case - it's more like a max(N,M)-bit hash, for (some) security purposes, such as collision resistance.
It's not intuitive, though - at least not until after you see the attack. We had been designing and using hashes based on the Miyaguchi-Preneel and Davies-Meyer methods for well over a decade before Joux noticed the problem.
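The multicollision argument referred to in the comment above, as an added example that is not part of the original comment: it builds many messages that all collide under one iterated hash, then runs a birthday search among them for a collision in the second hash. The toy hashes F (16-bit) and G (24-bit) are constructed for this demo from truncated SHA-256. Length padding is omitted because all messages have the same length.

```python
import hashlib
from itertools import product

def make_hash(tag: bytes, nbytes: int):
    """Toy iterated hash (constructed): SHA-256 truncated to nbytes per block."""
    def compress(state: bytes, block: bytes) -> bytes:
        return hashlib.sha256(tag + state + block).digest()[:nbytes]
    def digest(blocks, state=None) -> bytes:
        state = bytes(nbytes) if state is None else state
        for b in blocks:
            state = compress(state, b)
        return state
    return compress, digest

F_COMPRESS, F = make_hash(b"F", 2)   # N = 16 bits
_, G = make_hash(b"G", 3)            # M = 24 bits

def block_collision(compress, state):
    """Birthday search: two distinct blocks mapping `state` to the same output."""
    seen = {}
    i = 0
    while True:
        block = i.to_bytes(4, "big")
        out = compress(state, block)
        if out in seen:
            return seen[out], block, out
        seen[out] = block
        i += 1

def joux_collision(t=16):
    """Return two distinct messages that collide under F(m) || G(m)."""
    state, pairs = bytes(2), []
    for _ in range(t):  # t chained collisions give 2**t messages, one F digest
        a, b, state = block_collision(F_COMPRESS, state)
        pairs.append((a, b))
    seen = {}
    for msg in product(*pairs):  # birthday search in G among F-colliding messages
        g = G(msg)
        if g in seen:
            return seen[g], msg
        seen[g] = msg
    return None  # not expected: 2**16 candidates against a 24-bit G

if __name__ == "__main__":
    m1, m2 = joux_collision()
    print(F(m1).hex() + G(m1).hex(), F(m2).hex() + G(m2).hex())
```

The work is roughly 16 birthday searches on 16 bits plus one on 24 bits, far below the 2^20 a true 40-bit hash would require, which is why anyone evaluating a concatenated construction should rate its collision resistance by the stronger component alone.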