Re: rsync and md4
"David F. Ogren" writes:
> > MD4 is a hashing algorithm, but it can be used for checksumming.
> > >
> > > A first guess might be 2^-128 but I know that this sort of thing is
> > > rarely that simple. Is md4 that good?
> >
> > 2^-64.
>
> Are you sure? MD5 is a 128 bit hash, and the probability of collision with
> a specific random piece of data (of any length) should be 2^-128. I could
> be wrong, but do you have any explanation of why you think the answer is
> 2^-64?
Does the phrase "birthday attack" mean anything to you?
> > > Why md4? I chose md4 because it seemed to be the fastest of the
> > > reputedly strong, publicly available checksum algorithms. Suggestions
> > > for alternative algorithms are welcome.
>
> MD4 is the fastest hash I am aware of. However, there have been some
> successful attacks against two rounds of MD4. Although this is not to
> suggest that MD4 is insecure, MD5 is almost as fast (~1.3 times slower) and
> more secure.
I'm afraid you are totally wrong here. MD4 has been completely
broken. I wouldn't trust it for anything. In fact, MD5 is no longer
trustworthy, either -- it was broken recently. Stick to SHA.
Perry
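
An added example, not part of the original message: for an n-bit hash, matching one fixed digest takes about 2^n trials, while finding any two inputs that collide takes about 2^(n/2) trials (the birthday bound), which is where 2^-128 and 2^-64 come from for a 128-bit hash. The sketch measures both on SHA-256 truncated to a small width; the truncation, the message strings and the function names are assumptions made for the illustration.

```python
import hashlib
import math
from itertools import count


def trunc_digest(msg: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256(msg): a stand-in for an n-bit hash."""
    full = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return full >> (256 - bits)


def find_any_collision(bits: int):
    """Birthday search: hash distinct messages until ANY two digests agree.

    Terminates after at most 2**bits + 1 trials (pigeonhole principle).
    """
    seen = {}
    for i in count():
        msg = b"birthday-%d" % i          # constructed sample input
        d = trunc_digest(msg, bits)
        if d in seen:
            return i + 1, seen[d], msg    # trials used, first msg, second msg
        seen[d] = msg


def find_match_for(target: bytes, bits: int):
    """Fixed-target search: hash messages until one matches `target`'s digest."""
    want = trunc_digest(target, bits)
    for i in count():
        msg = b"target-%d" % i            # constructed sample input
        if trunc_digest(msg, bits) == want:
            return i + 1, msg             # trials used, matching msg


def birthday_estimate(bits: int) -> float:
    """Expected trials until the first collision: sqrt(pi/2 * 2**bits)."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


if __name__ == "__main__":
    BITS = 16                             # small enough to run in well under a second
    n_any, a, b = find_any_collision(BITS)
    n_fixed, m = find_match_for(b"reference block", BITS)
    print(f"{BITS}-bit digest, any collision : {n_any} trials ({a!r}, {b!r})")
    print(f"{BITS}-bit digest, fixed target  : {n_fixed} trials ({m!r})")
    print(f"birthday estimate, {BITS} bits  : {birthday_estimate(BITS):.0f}")
    print(f"birthday estimate, 128 bits : 2^{math.log2(birthday_estimate(128)):.1f}")
```
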