avalanche effect.

5. The order in which message sub-blocks are accessed in rounds 2 and 3 is changed, to make these patterns less alike.

6. The left circular shift amounts in each round have been approximately optimized, to yield a faster avalanche effect. The four shifts used in each round are different from the ones used in other rounds.

Tom Berson attempted to use differential cryptanalysis against a single round of MD5, but his attack is ineffective against all four rounds. A more successful attack by den Boer and Bosselaers produces collisions using the compression function in MD5 [203, 1331, 1336]. This does not lend itself to attacks against MD5 in practical applications, and it does not affect the use of MD5 in Luby-Rackoff-like encryption algorithms (see Section 14.11). It does mean that one of the basic design principles of MD5—to design a collision-resistant compression function—has been violated. Although it is true that “there seems to be a weakness in the compression function, but it has no practical impact on the security of the hash function”, I am wary of using MD5.

18.6 MD2
MD2 is another 128-bit one-way hash function designed by Ron Rivest [801, 1335]. It, along with MD5, is used in the PEM protocols (see Section 24.10). The security of MD2 is dependent on a random permutation of bytes. This permutation is fixed, and depends on the digits of π. S0, S1, S2,..., S255 is the permutation.

To hash a message M:

(1) Pad the message with i bytes of value i so that the resulting message is a multiple of 16 bytes long.

(2) Append a 16-byte checksum to the message.

(3) Initialize a 48-byte block: X0, X1, X2,..., X47. Set the first 16 bytes of X to be 0, the second 16 bytes of X to be the first 16 bytes of the message, and the third 16 bytes of X to be the XOR of the first 16 bytes of X and the second 16 bytes of X.

(4) This is the compression function:

    t = 0
    For j = 0 to 17
        For k = 0 to 47
            t = Xk XOR St
            Xk = t
        t = (t + j) mod 256

(5) Set the second 16 bytes of X to be the second 16 bytes of the messa...
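Steps (1) to (4) as runnable Python, an added example that is not code from the book. The page does not spell out the checksum update or how S is derived from π; both are assumptions here (the checksum follows the RFC 1319 reference code, S is rebuilt with the commonly documented π-digit shuffle), and the names pi_digits, md2_sbox and md2 are chosen for this example.

```python
def pi_digits(n):
    # Machin's formula in fixed-point integers: pi = 16*atan(1/5) - 4*atan(1/239)
    scale = 10 ** (n + 10)                      # 10 guard digits absorb rounding
    def atan_inv(x):
        total = term = scale // x
        k, sign = 3, -1
        while term:
            term //= x * x
            total += sign * (term // k)
            k, sign = k + 2, -sign
        return total
    return [int(c) for c in str(16 * atan_inv(5) - 4 * atan_inv(239))[:n]]

def md2_sbox():
    # Assumption (not on the page): S is a shuffle of 0..255 driven by pi's digits.
    digits = iter(pi_digits(1200))
    def rand(n):
        while True:                             # reject draws that would bias x % n
            x, y = next(digits), 10
            for limit in (10, 100):
                if n > limit:
                    x, y = x * 10 + next(digits), y * 10
            if x < n * (y // n):
                return x % n
    S = list(range(256))
    for i in range(2, 257):
        j = rand(i)
        S[j], S[i - 1] = S[i - 1], S[j]
    return S

S = md2_sbox()

def md2(msg: bytes) -> bytes:
    pad = 16 - len(msg) % 16                    # step 1: i bytes of value i, 1..16
    msg += bytes([pad]) * pad
    C, L = [0] * 16, 0                          # step 2: checksum per RFC 1319 code
    for i, c in enumerate(msg):
        L = C[i % 16] = C[i % 16] ^ S[c ^ L]
    msg += bytes(C)
    X = [0] * 48                                # step 3: 48-byte state, first third 0
    for i in range(0, len(msg), 16):
        for j in range(16):
            X[16 + j] = msg[i + j]
            X[32 + j] = X[16 + j] ^ X[j]
        t = 0                                   # step 4: 18 passes over the state
        for j in range(18):
            for k in range(48):
                t = X[k] = X[k] ^ S[t]
            t = (t + j) % 256
    return bytes(X[:16])                        # digest = first 16 bytes of X
```

The loop over 16-byte blocks repeats steps (3) and (4) with each successive block, including the appended checksum, which is how the state is carried through a multi-block message.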
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.