
MD4 weaknesses (Was: Windows .PWL cracker implemented as a Word Basic virus)



At 06:20 PM 12/10/95 -0500, daw@quito.CS.Berkeley.EDU (David A Wagner) wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>In article <95Dec10.175318edt.1732@cannon.ecf.toronto.edu>,
>SINCLAIR  DOUGLAS N <sinclai@ecf.toronto.edu> wrote:
>> My understanding was that MD4 had been broken once, at the cost of 
>> much computer time.
>Not *that* much computer time...
>In my copy of Hans Dobbertin's paper, the abstract says 
>
>``An implementation of our 
>attack allows to find collisions for MD4 in less than a minute on a PC.''
>
>As far as I know, the difficulty of inverting MD4 is still an open
>problem -- but why would you want to use a broken algorithm like MD4
>when you can use MD2, MD5, or SHA?

Do you have a reference to Dobbertin's paper?

Schneier's discussion of MD4 says that den Boer and Bosselaers cryptanalyzed
the last two of the three rounds of MD4 in 1991, Merkle did the first two,
and Biham discussed a differential attack on the first two, but nobody
had done the whole thing.  Does Dobbertin's attack take one of these
and use it to feed an otherwise-brute-force search?
#--
#				Thanks;  Bill
# Bill Stewart, Freelance Information Architect, stewarts@ix.netcom.com
# Phone +1-510-247-0663 Pager/Voicemail 1-408-787-1281
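Added illustration, not part of this thread: a from-scratch MD4 following RFC 1320 (names `md4` and `_compress` are mine). Its `rounds` argument runs only the first one, two or three of MD4's three rounds, which makes concrete what "the first two rounds" in the discussion above refers to; the full three-round digest is checked against the RFC 1320 test vectors.

```python
import struct

MASK = 0xFFFFFFFF

def _rol32(x, n):
    """Rotate a 32-bit word left by n bits."""
    return ((x << n) | (x >> (32 - n))) & MASK

# The three round functions of MD4 (RFC 1320), one per round.
def _f(x, y, z): return (x & y) | (~x & z)
def _g(x, y, z): return (x & y) | (x & z) | (y & z)
def _h(x, y, z): return x ^ y ^ z

# (round function, additive constant, message-word order, rotation amounts)
_ROUNDS = (
    (_f, 0x00000000, tuple(range(16)), (3, 7, 11, 19)),
    (_g, 0x5A827999, (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15), (3, 5, 9, 13)),
    (_h, 0x6ED9EBA1, (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15), (3, 9, 11, 15)),
)

def _compress(state, block, rounds):
    """One MD4 compression of a 64-byte block, running only the first `rounds` rounds."""
    x = struct.unpack('<16I', block)          # 16 little-endian message words
    a, b, c, d = state
    for fn, k, order, shifts in _ROUNDS[:rounds]:
        for step, i in enumerate(order):
            a = _rol32((a + fn(b, c, d) + x[i] + k) & MASK, shifts[step % 4])
            a, b, c, d = d, a, b, c           # rotate roles: the next step updates the old d
    return tuple((s + v) & MASK for s, v in zip(state, (a, b, c, d)))

def md4(data, rounds=3):
    """Hex MD4 digest of `data`; rounds < 3 gives a non-standard reduced-round variant for study."""
    if not 1 <= rounds <= 3:
        raise ValueError("rounds must be 1, 2 or 3")
    state = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476)
    # Padding: one 0x80 byte, zeros up to 56 mod 64, then the bit length as 64-bit little-endian.
    bit_len = (len(data) * 8) & 0xFFFFFFFFFFFFFFFF
    msg = data + b'\x80' + b'\x00' * ((55 - len(data)) % 64) + struct.pack('<Q', bit_len)
    for off in range(0, len(msg), 64):
        state = _compress(state, msg[off:off + 64], rounds)
    return struct.pack('<4I', *state).hex()

if __name__ == '__main__':
    for m in (b'', b'abc'):                   # RFC 1320 test-vector inputs
        print(m, md4(m), 'two rounds only:', md4(m, rounds=2))
```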