1994-07-06 - Re: MD5 is 1=>1?

Header Data

From: Roger Bryner <bryner@atlas.chem.utah.edu>
To: Derek Atkins <warlord@MIT.EDU>
Message Hash: 60350ea75699c6440fbe74492a4cb47e2a1b561370efe88ec9ada0edbfa17d61
Message ID: <Pine.3.89.9407052008.A14227-0100000@atlas.chem.utah.edu>
Reply To: <9407060145.AA10798@toxicwaste.media.mit.edu>
UTC Datetime: 1994-07-06 02:19:33 UTC
Raw Date: Tue, 5 Jul 94 19:19:33 PDT

Raw message

From: Roger Bryner <bryner@atlas.chem.utah.edu>
Date: Tue, 5 Jul 94 19:19:33 PDT
To: Derek Atkins <warlord@MIT.EDU>
Subject: Re: MD5 is 1=>1?
In-Reply-To: <9407060145.AA10798@toxicwaste.media.mit.edu>
Message-ID: <Pine.3.89.9407052008.A14227-0100000@atlas.chem.utah.edu>
MIME-Version: 1.0
Content-Type: text/plain

On Tue, 5 Jul 1994, Derek Atkins wrote:
> > I would recomend replacing that option or discarding it, that is unless 
> > hash functions never throw away bits in sizes smaller than their output size.
> > (again, that was my question)
> They shouldn't.  I refer back to my last statement, that if they did,
> it would make breaking the hash much easier.

This refers to the secure drive 1024 iterations of MD5.  Without a proof 
that md5(128bit number) is a one to one transformation, my statement 
about looseing entropy is possibly.  I don't think that it has been 
demonstrated that md5^1024 is more secure than md5.

NOBODY HAS IMPLIED THAT SUCH A PROOF, or equivilent proof, exists.