After finding the right search terms (concatenating hash functions), I found a few stackexchange discussions about this, which lead me to other methods like truncating a stronger hash function[1], and chaining hash functions[2]. Apparently TLS already concatenates MD5 and SHA1 [2][3].
Given that the article is about collision attacks and not preimage resistance, that was my main thought when thinking of the issue. I'll leave it to the experts to figure out what's the best for cryptographic hash functions.
I suppose I missed the assumption that h_0, h_1 and h_2 cannot be trivially decomposed into concatenations of other hash functions, whereas h_3 and h_4 can.
Also, there's no obscurity since h_1 and h_2 are the actual targeted hash functions, h_3 and h_4 are just to show that concatenation doesn't change the actual problem or make it harder.
I will try to show the difference between one 256-bit hash function and two 128-bit hash functions.
Let h_0(x) be a 256-bit hash function. Let h_1(x) and h_2(x) be 128-bit hash functions.
Let h_3(x) = h_1(x) + h_2(x), h_4(x) = h_2(x) + h_1(x), where '+' is the concatenation operator. Thus h_3(x) and h_4(x) are also 256-bit hash functions.
Given an object x_1, find x_2 that satisfies one of the following conditions:
(1) h_0(x_1) = h_0(x_2)
(2) h_3(x_1) = h_3(x_2) AND h_4(x_1) = h_4(x_2)
Finding a collision for a single 256-bit hash function would be trying to solve (1), but finding collisions for two 128-bit hash functions would be trying to solve (2).
Also note that (2) is not equivalent to finding collisions for two 256-bit hash functions.
I think the misconception comes from the fact that the multiple hashes form an unordered set, not an ordered concatenation.
If there's any mistake in my logic please feel free to point them out.
Edit: (2) can be simplified into h_1(x_1) = h_1(x_2) AND h_2(x_1) = h_2(x_2), as concatenation of the hashes does not turn h_3 and h_4 into "real" 256-bit hash functions.
Other than using a stronger hashing algorithm that produces longer hashes, would there be any advantage in storing two or more separate hashes of an object? The extra hashes could be from a different hash function, or a hash of the reversed bits/bytes.
I wonder about the difficulty of producing collisions for a single 256-bit hash function versus two 128-bit hash functions, four 64-bit hash functions and so on.
I tried translating with Baidu and it comes up with "宣传" and "鼓吹". The latter seems more appropriate for propaganda that puts something in a positive light, but doesn't apply to other types of propaganda. So I think a good translation would have to depend on the context.
Calling someone a "WuMao" is saying that the person is PAID to support the Chinese government, regardless of their actual opinions, and the target of support isn't in the term itself. Calling someone a "trump supporter" doesn't include the part about getting paid.
There seems to be a negative connotation with getting paid to support something, that you're just in it for the money and don't actually mean it.
Of course there are many nuances to the whole issue of labels which I don't have the knowledge or time to go into.
No I don't have evidence, and I was going to include that I don't have evidence in my comment, but didn't. I was merely stating a possibility in answer to your question. Maybe you should reply to my second paragraph instead.
Edit: I don't know about the intricacies of political correctness, but somehow "trump supporter" feels ok, maybe because it has two words and "supporter" balances "trump". Personally I think "50 cent army" isn't as bad as "WuMao" even though they mean the same thing, go figure.
Maybe because there might exist propaganda against the Chinese government? If Twitter has evidence for Chinese propaganda on a US-based site that's inaccessible to the Chinese population, wouldn't it be reasonable to suspect that US propaganda that targets the Chinese government exists too?
The above is just my opinion, but I think we're detracting from the main issue in the parent comment, that the term "WuMao" can be considered a derogatory term. Tell me if I'm wrong, but many terms started off neutral, but turned derogatory over time. The example that comes to mind is the N-word that rhymes with aggro, I'm not even sure if it's okay to use that so I'm self-censoring.
I mistakenly thought of the change as a software change, since I've yet to use the flag button.
It might be useful to tie changes in community standards to something concrete and trackable. Taking the detox week as an example, there would be a way to flag something and specify "detox week" as a reason.
That being said, can you give an example of changes in community standards on this site which effects cannot be tracked in software?
EDIT: Clarified scope of "changes in community standards" to this site.
I think there will always be resistance to change, so perhaps there should be a visible indication that some idea is being tested out, with an option for users to disable it.
Last year I reversed engineered a (36KiB) Windows PE binary[1] to obtain C++ source code that compiled to almost the exact same bytes. What stumped me was an undocumented section that contained metadata, which I gave up on figuring out.
Assuming you compile with the same options and in the same environment, the machine instructions should be the same.
EDIT: The compiler in question though is whatever Visual Basic 6.0 uses, so I wouldn't call it modern today.
Did you consult the plugin author before blogging about the vulnerability? Is there a reason why you blogged about it a year later? I am guessing that you waited until the old version of the plugin wasn't (widely) used any more.
Are you referring to UTF-8? If so, this is misleading as you can encode up to 2^21 + 2^16 + 2^11 + 2^7 = 2,164,864 code points, which is not the same as encoding bytes in a single character.
One could say that non-cash (debit/credit) transactions are recorded by the devices that enable them, and thus recorded and tied to an identity. The information could then be used by matching your card number when you use it online or elsewhere.
Given that the article is about collision attacks and not preimage resistance, that was my main thought when thinking of the issue. I'll leave it to the experts to figure out what's the best for cryptographic hash functions.
[1] https://crypto.stackexchange.com/questions/9435/is-truncatin...
[2] https://crypto.stackexchange.com/questions/270/guarding-agai...
[3] https://en.wikipedia.org/wiki/Cryptographic_hash_function#Co...