How to best compose two cryptographic hashes?

242 views Asked by At

Given two cryptographic hashes (e.g. using SHA1):

hash1 = sha1(data1)
hash2 = sha1(data2)

I would like to compose the two hashes into a value that "looks like" another hash (e.g. it is 160 bits for SHA1). Assume that only hash1 and hash2 are known, and data1 and data2 are unknown.

Option 1: compute the hash of the concatenation of the two hashes:

hash3 = sha1(concat(hash1, hash2))

Option 2: compute the XOR of the two hashes:

hash3 = hash1 XOR hash2

Which option is less likely to have collisions?

1

There are 1 answers

2
Jacob Mattison On BEST ANSWER

If you're concerned about hash collisions your best bet is to use a better hash algorithm, if possible (e.g. SHA-2 or SHA-3).

However, to answer your question: given two values, if you XOR them, you may see collisions even before you do the hashing. For example, 1110 XOR 1111 is 0001, and 0011 XOR 0011 is also 0001. On the other hand, concatenating the values can't introduce pre-hashing collisions. So I'd concatenate.