1995-12-11 - MD4

Header Data

From: SINCLAIR DOUGLAS N <sinclai@ecf.toronto.edu>
To: daw@quito.CS.Berkeley.EDU (David A Wagner)
Message Hash: 872aa392d4a0386e2cb74e70dc99f2e6a164eab5adae613eb29c455f39d5578e
Message ID: <95Dec10.204825edt.1935@cannon.ecf.toronto.edu>
Reply To: <199512102320.SAA08162@bb.hks.net>
UTC Datetime: 1995-12-11 01:48:45 UTC
Raw Date: Sun, 10 Dec 95 17:48:45 PST

Raw message

From: SINCLAIR  DOUGLAS N <sinclai@ecf.toronto.edu>
Date: Sun, 10 Dec 95 17:48:45 PST
To: daw@quito.CS.Berkeley.EDU (David A Wagner)
Subject: MD4
In-Reply-To: <199512102320.SAA08162@bb.hks.net>
Message-ID: <95Dec10.204825edt.1935@cannon.ecf.toronto.edu>
MIME-Version: 1.0
Content-Type: text/plain


> SINCLAIR  DOUGLAS N <sinclai@ecf.toronto.edu> wrote:
> > My understanding was that MD4 had been broken once, at the cost of 
> > much computer time.
> 
> Not *that* much computer time...
I stand corrected.  I've not read the original paper.

> As far as I know, the difficulty of inverting MD4 is still an open
> problem -- but why would you want to use a broken algorithm like MD4
> when you can use MD2, MD5, or SHA?
Granted.  A brute force attack on MD4 takes 2^64 times more operations
to invert it than it does to find matching pairs if I remember correctly.
However a clever algorithm would reduce that.

Of course with MD5 as a plug-in replacement that's only 30% slower
this isn't a big problem.  Looks like the safety belts are worth while
after all.
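
[Added example, not part of the original message.] The gap between brute-force inversion and brute-force collision finding that the message recalls can be measured on a digest short enough to search. This sketch assumes a toy hash made from the top bits of SHA-256 as a stand-in for a short digest; all function names are hypothetical and the inputs are constructed.

```python
import hashlib

def h(msg: bytes, bits: int) -> int:
    """Toy hash (assumption): the top `bits` bits of SHA-256."""
    d = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return d >> (256 - bits)

def find_collision(bits: int, tag: bytes = b"c0"):
    """Birthday search: hash distinct inputs until two digests match."""
    seen, i = {}, 0
    while True:
        m = tag + b"-%d" % i
        d = h(m, bits)
        if d in seen:
            return seen[d], m, i + 1   # two messages, hashes computed
        seen[d] = m
        i += 1

def find_preimage(target: int, bits: int, tag: bytes = b"p0"):
    """Brute-force inversion: hash inputs until one hits a fixed target."""
    i = 0
    while True:
        m = tag + b"-%d" % i
        if h(m, bits) == target:
            return m, i + 1            # message, hashes computed
        i += 1

def measure(bits: int = 16, trials: int = 8):
    """Average work for each search over several constructed trials."""
    col = pre = 0
    for t in range(trials):
        tag = b"t%d" % t
        col += find_collision(bits, b"c" + tag)[2]
        target = h(b"secret-" + tag, bits)
        pre += find_preimage(target, bits, b"p" + tag)[1]
    return col / trials, pre / trials

def expected_gap(bits: int) -> int:
    """Generic estimate: inversion ~2^bits, collision ~2^(bits/2)."""
    return 2 ** (bits - bits // 2)

if __name__ == "__main__":
    c, p = measure()
    print("16-bit toy hash: collision ~%.0f hashes, inversion ~%.0f" % (c, p))
    print("128-bit digest, expected gap: 2^%d" % (expected_gap(128).bit_length() - 1))
```

These are generic search costs for any hash of the given output length; they say nothing about shortcuts specific to MD4's structure.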



