On this question https://stackoverflow.com/questions/5889238/why-is-xor-the-default-way-to-combine-hashes a couple of the answers say that xoring is a bad/insecure choice for combining hashes. However, most of them say that in regards to xoring two identical hashes.
If I want to combine a Keccak-256, Skein-256-256, Blake2b-256, and Groestl-256 hash, would it be more secure to concatenate parts of the hash, or to xor the hashes together?
The answer is (as always): It depends. If you want pseudorandomness, then XOR is a good combiner (actually even optimal). However, if you want collision resistance then XOR is a really bad combiner because afaik you cannot show that collision resistance of the two hash functions implies collision resistance of the combiner. If you think about it, a collision for that combiner does not imply a collision for either of the hash functions. The same argument applies to second-preimage resistance. On the contrary, for the concatenation combiner a collision of the combiner contains a collision for both hash functions.
For one-wayness the situation is a bit more complicated. However, you cannot use a preimage finder for the combiner to find preimages for one of the hash functions...
