MD4 weaknesses (Was: Windows .PWL cracker implemented as a Word Basic virus)
At 06:20 PM 12/10/95 -0500, [email protected] (David A Wagner) wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>In article <[email protected]>,
>SINCLAIR  DOUGLAS N <[email protected]> wrote:
>> My understanding was that MD4 had been broken once, at the cost of 
>> much computer time.
>Not *that* much computer time...
>In my copy of Hans Dobbertin's paper, the abstract says 
>
>``An implementation of our 
>attack allows to find collisions for MD4 in less than a minute on a PC.''
>
>As far as I know, the difficulty of inverting MD4 is still an open
>problem -- but why would you want to use a broken algorithm like MD4
>when you can use MD2, MD5, or SHA?

Do you have a reference to Dobbertin's paper?

Schneier's discussion of MD4 says that den Boer and Bosselaers cryptanalyzed
the last two of the three rounds of MD4 in 1991, Merkle did the first two,
and Biham discussed a differential attack on the first two, but nobody
had done the whole thing.  Does Dobbertin's attack take one of these
and use it to feed an otherwise brute-force search?
#--
#				Thanks;  Bill
# Bill Stewart, Freelance Information Architect, [email protected]
# Phone +1-510-247-0663 Pager/Voicemail 1-408-787-1281