This preview shows page 1. Sign up to view the full content.
Unformatted text preview: avalanche effect. 5. The order in which message subblocks are accessed in rounds 2 and 3 is changed, to make these patterns less alike. 6. The left circular shift amounts in each round have been approximately optimized, to yield a faster avalanche effect. The four shifts used in each round are different from the ones used in other rounds. Tom Berson attempted to use differential cryptanalysis against a single round of MD5 [144], but his attack is ineffective against all four rounds. A more successful attack by den Boer and Bosselaers produces collisions using the compression function in MD5 [203, 1331, 1336]. This does not lend itself to attacks against MD5 in practical applications, and it does not affect the use of MD5 in LubyRackofflike encryption algorithms (see Section 14.11). It does mean that one of the basic design principles of MD5—to design a collisionresistant compression function—has been violated. Although it is true that “there seems to be a weakness in the compression function, but it has no practical impact on the security of the hash function” [1336], I am wary of using MD5. 18.6 MD2
MD2 is another 128bit oneway hash function designed by Ron Rivest [801, 1335]. It, along with MD5, is used in the PEM protocols (see Section 24.10). The security of MD2 is dependent on a random permutation of bytes. This permutation is fixed, and depends on the digits of À. S0, S1, S2,..., S255 is the permutation. To hash a message M: (1) Pad the message with i bytes of value i so that the resulting message is a multiple of 16 bytes long. (2) Append a 16byte checksum to the message. (3) Initialize a 48byte block: X0, X1, X2,..., X47. Set the first 16 bytes of X to be 0, the second 16 bytes of X to be the first 16 bytes of the message, and the third 16 bytes of X to be the XOR of the first 16 bytes of X and the second 16 bytes of X. (4) This is the compression function: t=0 For j = 0 to 17 For k = 0 to 47 t = Xk XOR St Xk = t t = (t + j ) mod 256 (5) Set the second 16 bytes of X to be the second 16 bytes of the messa...
View
Full
Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
 Fall '10
 ALIULGER
 Cryptography

Click to edit the document details