Given two cryptographic hashes (e.g. using SHA1):
hash1 = sha1(data1)
hash2 = sha1(data2)
I would like to compose the two hashes into a value that "looks like" another hash (e.g. it is 160 bits for SHA1). Assume that only hash1
and hash2
are known, and data1
and data2
are unknown.
Option 1: compute the hash of the concatenation of the two hashes:
hash3 = sha1(concat(hash1, hash2))
Option 2: compute the XOR of the two hashes:
hash3 = hash1 XOR hash2
Which option is less likely to have collisions?
If you're concerned about hash collisions your best bet is to use a better hash algorithm, if possible (e.g. SHA-2 or SHA-3).
However, to answer your question: given two values, if you XOR them, you may see collisions even before you do the hashing. For example, 1110 XOR 1111 is 0001, and 0011 XOR 0011 is also 0001. On the other hand, concatenating the values can't introduce pre-hashing collisions. So I'd concatenate.