Adding a nounce before hashing as covert channel

[Jacob Bachmeyer]

On 12/11/24 10:59, Rainer Perske wrote:
> Hey, you are discussing ways to circumvent the security risks of a weak hash algorithm.
>
> That is the wrong way and only wastes time and energy.
>
> Do NOT use a weak hash algorithm like SHA-1 at all any more.
>
> Simply choose a strong one like SHA-2 or SHA-3.
>
> This solution is so easy and helps much, much more than any use of salts or nonces.
>
> Because then the problem that you are trying to fix simply does not exist at all!
Some years ago, you could have given almost exactly the above advice, 
except with MD5 in place of SHA-1 and SHA-1 (!) in place of SHA-2 or SHA-3.

The problem is that strong algorithms *become* weak without advance 
warning.  Therefore, it is necessary to take measures to reduce the 
fragility of the overall system.


-- Jacob