Let's say I have three messages: A, B, C.
And I run each of these through two different hashing algorithms: MD5 and SHA1 for this example.
MD5(A) = X
MD5(B) = Y
MD5(C) = Y
SHA1(A) = N
SHA1(B) = N
SHA1(C) = M
Notice the MD5 hash of B and C collide. And the SHA hash of A and B collide.
If I simply concatenate the digests, however, the results would be unique:
Combined Digest of A: XN
Combined Digest of B: YN
Combined Digest of C: YM
The underlying principle would be that whatever pair of messages could be found or constructed to form a collision with one hashing algorithm, wouldn't also form a collision with another hashing algorithm.
The combined digest length (for MD5/SHA1) would be 288 bits (128+160) -- but unless I'm missing something, this would be significantly more secure than a single hashing algorithm with a 288-bit digest.
Granted, in the example above I'm using MD5 and SHA1 which are both known to be effectively broken, but I'm hoping an answer exists that applies more conceptually to the premise than simply the choice of algorithms.
i.e., in a situation where collision resistance is critical, wouldn't the combination of SHA2-256 + SHA3-256 concatenated be more secure than a single iteration of SHA2-512, or SHA3-512?
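The A/B/C scenario from the question, reproduced as an added example that is not part of the original post. It assumes MD5 and SHA1 truncated to 16 bits (so collisions can be found in milliseconds) and constructed message names; it also runs a generic birthday search against the concatenated 32-bit toy digest, which still collides after roughly 2^16 messages, as any 32-bit digest would.

```python
import hashlib
from itertools import count

BITS = 16  # assumption: toy truncation so collisions are cheap to find

def t_md5(m: bytes) -> int:
    return int.from_bytes(hashlib.md5(m).digest()[:BITS // 8], "big")

def t_sha1(m: bytes) -> int:
    return int.from_bytes(hashlib.sha1(m).digest()[:BITS // 8], "big")

def combined(m: bytes) -> tuple:
    # The "concatenated digest" from the question, kept as a pair.
    return (t_md5(m), t_sha1(m))

def msg(i: int) -> bytes:
    return b"constructed-msg-%d" % i  # constructed sample messages

def partner(h, other, target: bytes) -> bytes:
    """Find a message that collides with target under h but not under other."""
    want, avoid = h(target), other(target)
    for i in count():
        m = msg(i)
        if h(m) == want and other(m) != avoid:
            return m

def scenario():
    """Build A, B, C as in the post: MD5(B)=MD5(C) and SHA1(A)=SHA1(B)."""
    b = b"constructed-B"
    return partner(t_sha1, t_md5, b), b, partner(t_md5, t_sha1, b)

def birthday(h):
    """Hash msg(0), msg(1), ... until two share a digest under h."""
    seen = {}
    for i in count():
        d = h(msg(i))
        if d in seen:
            return seen[d], msg(i), i + 1  # colliding pair, messages hashed
        seen[d] = msg(i)

if __name__ == "__main__":
    for name, m in zip("ABC", scenario()):
        print(name, "md5/16=%04x sha1/16=%04x" % combined(m))
    for name, h in (("md5/16", t_md5), ("sha1/16", t_sha1),
                    ("concat/32", combined)):
        print(name, "collides after", birthday(h)[2], "messages")
```

The single-hash collisions do not carry over to the pair, but the pair is still only as wide as its total bit length against a birthday search.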