Rather than storing user data when interacting with an app, I am storing the SHA3-256 of the data. This is because data storage in this particular environment is very limited.
The data can be several variables, e.g., a, b, and, c, but instead of saving them individually, I save the hash of the concatenation: SHA3(a,b,c).
When the user wants to interact with the system, they should send the variables again and the system will compare the hash of the summited variables with the stored hash. If they match, the system assumes that the variables are the same as summited initially. So, I end up saving only one variable instead of 3 in this example.
The data is public, so it is known to everyone. The question I have is if there is a security issue by hashing the concatenation of the variables (does this make it easy for the users to find a collision). Is there any difference if instead I hash every variable and then hash the concatenation of the hashes?
To elaborate the above, the reason I think this could make it easy for users to find collisions is that a, b and c are of different types and have min and max values; for instance, if c can only have values between 10 and 1000, the users can just try all the possible values of C to test for a lucky collision without much effort. Is this a reasonable concern?
Note that is not important who submits the data, just that the summited data is exactly the same as summited previously.
