From: hallam@w3.org
To: cypherpunks@toad.com
Message Hash: 1a1ebabb37498b5dedcf0315e332f0bbb7e1c5f74ed20f498295c15b835eb953
Message ID: <9510261603.AA26221@zorch.w3.org>
Reply To: <01HWW4G5KUE69LV2GV@delphi.com>
UTC Datetime: 1995-10-26 22:31:59 UTC
Raw Date: Fri, 27 Oct 1995 06:31:59 +0800
From: hallam@w3.org
Date: Fri, 27 Oct 1995 06:31:59 +0800
To: cypherpunks@toad.com
Subject: Re: MD4-derived hash functions
In-Reply-To: <01HWW4G5KUE69LV2GV@delphi.com>
Message-ID: <9510261603.AA26221@zorch.w3.org>
MIME-Version: 1.0
Content-Type: text/plain
>Does anyone know whether Rivest was motivated to design
>MD5 by the partial attacks on MD4, or whether those came later?
>(This is totally idle curiousity.)
It was after...
>All of the well-known software hash functions seem to be based on
>MD4 these days, but that doesn't mean much about the security of
>MD4--3DES with three independent keys looks pretty strong, as does.
>3DES with two independent keys, but that doesn't mean that single
>DES is a strong enough cipher for modern applications.
3DES with only two independent keys is only slightly more secure than
DES, consider a variant of the meet in the middle attack exploiting
the fact that the constraint network is reductible to two equations
in one unknown.
>Is there a generic construction for
>arbitrary-length hash functions from good block or stream ciphers?
Yes, see Bruce's book.
Phill
Return to October 1995
Return to “Simon Spero <ses@tipper.oit.unc.edu>”