Unformatted text preview: ying about. The first scheme was described in . The third scheme was described in [1555, 1105, 1106] and was proposed as an ISO standard . The fifth scheme was proposed by Carl Meyer, but is commonly called Davies-Meyer in the literature [1606, 1607, 434, 1028]. The tenth scheme was proposed as a hash-function mode for LOKI . The first, second, third, fourth, ninth, and eleventh schemes have a hash rate of 1; the key length equals the block length. The others have a rate of k/n, where k is the key length. This means that if the key length is shorter than the block length, then the message block can only be the length of the key. It is not recommended that the message block be longer than the key length, even if the encryption algorithm’s key length is longer than the block length. If the block algorithm has a DES-like complementation property and DES-like weak keys, there is an additional attack that is possible against all 12 schemes. The attack isn’t very dangerous and not really worth worrying about. However, you can solve it by fixing bits 2 and 3 of the key to “01” or “10” [1081, 1107]. Of course, this reduces the length of k from 56 bits to 54 bits (in DES, for example) and decreases the hash rate. The following schemes, proposed in the literature, have been shown to be insecure. Figure 18.9 The four secure hash functions where the block length equals the hash size. This scheme  was broken in : Hi = EMi(Hi - 1) Davies and Price proposed a variant which cycles the entire message through the algorithm twice [432, 433]. Coppersmith’s attack works on this variant with not much larger computational requirements . Another scheme [432, 458] was shown insecure in : Hi = EMi• Hi- 1 (Hi- 1) This scheme was shown insecure in  (c is a constant): Hi = Ec (Mi • Hi - 1) • Mi • Hi- 1 Modified Davies-Meyer
Lai and Massey modified the Davies-Meyer technique to work with the IDEA cipher [930, 925]. IDEA has a 64-bit block size and 128-bit key size. Their scheme is Ho = IH, where IH is a random initial value Hi = EHi- 1,Mi(Hi- 1) This fu...
View Full Document
- Fall '10
- Cryptography, Bruce Schneier, Applied Cryptography, EarthWeb, Search Search Tips