[21672] in cryptography@c2.net mail archive


Re: [Cfrg] HMAC-MD5

daemon@ATHENA.MIT.EDU (vlastimil.klima@volny.cz)
Thu Mar 30 18:40:31 2006

X-Original-To: cryptography@metzdowd.com
From: vlastimil.klima@volny.cz
To: cryptography@metzdowd.com
Date: Thu, 30 Mar 2006 22:38:46 +0200 (CEST)
In-Reply-To: <20060329190137.GW3581@piias899.ms.com>

I think that we have the "evidence". The security of MD5 depends
heavily on a lot of nonlinearities in functions F, G, I and on
carries in arithmetic additions. Nonlinearities in F, G, I are
bitwise and very weak. Carries are much stronger, but the collision
attacks showed that it is possible to control them also. New
differential schemes (paths) could be proposed, new ways of
controlling the interior variables of MD5 could be discovered. It
could lead to the second preimage attacks and maybe further.
Vlastimil Klima

----- ORIGINAL MESSAGE -----
From: "Victor Duchovni" <Victor.Duchovni@MorganStanley.com>
To: cryptography@metzdowd.com
Subject: Re: [Cfrg] HMAC-MD5
Date: 29.3.2006 - 21:14:06

> On Wed, Mar 29, 2006 at 10:51:08AM +0200,
> vlastimil.klima@volny.cz wrote:
>
> > I am nearly sure that a preimage attack (MD5) will be found
> > in the next two or three years.
>
> Is there already evidence of progress in that direction?
>
> --
> Viktor.
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to
> majordomo@metzdowd.com



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
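The message above contrasts the bitwise round functions F, G, I of MD5 with the carries of modular addition. The following is an added illustration written for this archive page, not code from the thread or from any MD5 implementation: it implements the four MD5 round functions (F, G, H, I) and checks, on constructed random inputs, that flipping one input bit of F, G, H or I can only change the same output bit, whereas a one-bit difference fed into a 32-bit addition spreads across several bit positions through the carry chain. The function names and the `is_bitwise` / `add_diff_spread` helpers are this example's own.

```python
import random

# Added example, not from the mailing-list thread: the MD5 round functions
# (defined exactly as in RFC 1321) and a constructed test showing why the
# message calls them "bitwise" while carries in addition are not.
MASK = 0xFFFFFFFF  # all arithmetic is on 32-bit words


def F(x, y, z):
    return (x & y) | (~x & MASK & z)


def G(x, y, z):
    return (x & z) | (y & ~z & MASK)


def H(x, y, z):
    return x ^ y ^ z


def I(x, y, z):
    return y ^ (x | (~z & MASK))


def add3(x, y, z):
    """Modular 32-bit addition, the other nonlinear ingredient of MD5."""
    return (x + y + z) & MASK


def is_bitwise(fn, trials=200, seed=1):
    """True if, on constructed random inputs, flipping input bit i of any
    argument never changes an output bit other than bit i (a "bitwise"
    function: output bit i depends only on input bits at position i)."""
    rng = random.Random(seed)
    for _ in range(trials):
        x, y, z = (rng.getrandbits(32) for _ in range(3))
        base = fn(x, y, z)
        for i in range(32):
            bit = 1 << i
            for dx, dy, dz in ((bit, 0, 0), (0, bit, 0), (0, 0, bit)):
                diff = base ^ fn(x ^ dx, y ^ dy, z ^ dz)
                if diff & ~bit & MASK:
                    return False  # a different position changed: carry
    return True


def add_diff_spread(a, b, i):
    """Bit positions of (a + b) mod 2^32 that change when bit i of a is
    flipped; a carry chain makes this list longer than just [i]."""
    d = ((a + b) & MASK) ^ (((a ^ (1 << i)) + b) & MASK)
    return [k for k in range(32) if (d >> k) & 1]


if __name__ == "__main__":
    for name, fn in (("F", F), ("G", G), ("H", H), ("I", I), ("add", add3)):
        print(f"{name}: bitwise = {is_bitwise(fn)}")
    # constructed input: a = 0b1111, flipping bit 0 ripples a carry to bit 4
    print("add_diff_spread(0xF, 1, 0) ->", add_diff_spread(0xF, 1, 0))
```

Run as a script it reports that F, G, H and I are bitwise and `add3` is not, and that flipping bit 0 of `0xF` before adding 1 changes bits 0 through 4 of the sum; this is the difference-propagation behaviour the message refers to when it says carries are "much stronger" than the round functions.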
