Re: MD4-derived hash functions
On Mon, 30 Oct 1995, Mark wrote:
>
> That doesn't make sense. If one accepts that double encryption is securer than
> single encryption, whether marginally or twice as secure, why not use it?
>
Hi Mark -
The problem with double encryption with DES is that it's vulnerable to a
meet-in-the-middle attack if you have known plain text. You can encrypt
the plaintext with all possible keys and store them in a (big) table, then
decrypt the cypher text until you get a match with one of the values in
the table.
Doesn't work too well on an 8Mb P90 (2^59 bytes is half a petabyte), but
since memory capacity theoretically increases as the square of processor
speed, the attack becomes feasible much, much, sooner than breaking a 112
byte key.
Using 3-DES, even with only two distinct keys, makes this attack
infeasible, as the table size becomes much too large. 2-IDEA is similarly
safe (2^131 bytes of memory is a long way off (I wonder what the first
version of M$ Word to need that much memory will be)).
Simon
---
(defun modexpt (x y n) "computes (x^y) mod n"
  (cond ((= y 0) 1)
        ((= y 1) (mod x n))
        ((evenp y) (mod (expt (modexpt x (/ y 2) n) 2) n))
        (t (mod (* x (modexpt x (1- y) n)) n))))
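
Added example, not part of the original message: the meet-in-the-middle table lookup described above, run against a toy 32-bit Feistel cipher with 10-bit keys so that it finishes instantly. The cipher, the key size and all sample values are constructed for illustration. It shows why doubling the key length only costs about 2^(n+1) cipher operations plus a 2^n-entry table, rather than 2^(2n) work; for DES that table is 2^56 eight-byte blocks, the 2^59 bytes mentioned in the message.

```python
# Added illustration: meet-in-the-middle against double encryption with a
# toy cipher. Cipher, key size and sample values are constructed for the demo.
KEY_BITS = 10          # toy key size (DES would be 56)
MASK16 = 0xFFFF

def _f(half, key, rnd):
    """Toy Feistel round function; not a real cipher."""
    x = (half * 0x9E37 + key * 0x85EB + rnd * 0xC2B2 + 0x27D4) & 0xFFFFFFFF
    x ^= x >> 15
    x = (x * 0x2C1B3C6D) & 0xFFFFFFFF
    x ^= x >> 12
    return x & MASK16

def encrypt(key, block):
    l, r = block >> 16, block & MASK16
    for rnd in range(4):
        l, r = r, l ^ _f(r, key, rnd)
    return (l << 16) | r

def decrypt(key, block):
    l, r = block >> 16, block & MASK16
    for rnd in reversed(range(4)):
        l, r = r ^ _f(l, key, rnd), l
    return (l << 16) | r

def double_encrypt(k1, k2, block):
    return encrypt(k2, encrypt(k1, block))

def meet_in_the_middle(pairs):
    """Return every (k1, k2) consistent with all known (plaintext, ciphertext) pairs."""
    (p0, c0), rest = pairs[0], pairs[1:]
    table = {}                                  # middle value -> candidate k1 list
    for k1 in range(1 << KEY_BITS):             # 2^n encryptions, 2^n table entries
        table.setdefault(encrypt(k1, p0), []).append(k1)
    found = []
    for k2 in range(1 << KEY_BITS):             # 2^n decryptions
        for k1 in table.get(decrypt(k2, c0), []):
            # A table hit may be a false positive; confirm on the other pairs.
            if all(double_encrypt(k1, k2, p) == c for p, c in rest):
                found.append((k1, k2))
    return found

if __name__ == "__main__":
    K1, K2 = 0x2A7, 0x13C                       # constructed secret keys
    known = [(p, double_encrypt(K1, K2, p)) for p in (0x01234567, 0x89ABCDEF, 0xDEADBEEF)]
    print("recovered:", meet_in_the_middle(known))
    print("cipher ops: about 2^%d instead of 2^%d" % (KEY_BITS + 1, 2 * KEY_BITS))
```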