This preview shows page 1. Sign up to view the full content.
Unformatted text preview: tack requires 272 operations. The algorithm’s designers recommend using NHash with at least 8 rounds [1106]. Given the proven insecurity of NHash and FEAL (and its speed with 8 rounds), I recommend using another algorithm entirely. 18.4 MD4
MD4 is a oneway hash function designed by Ron Rivest [1318, 1319, 1321]. MD stands for Message Digest; the algorithm produces a 128bit hash, or message digest, of the input message. In [1319], Rivest outlined his design goals for the algorithm: Security. It is computationally infeasible to find two messages that hashed to the same value. No attack is more efficient than brute force. Direct Security. MD4’s security is not based on any assumption, like the difficulty of factoring. Speed. MD4 is suitable for highspeed software implementations. It is based on a simple set of bit manipulations on 32bit operands. Simplicity and Compactness. MD4 is as simple as possible, without large data structures or a complicated program. Favor LittleEndian Architectures. MD4 is optimized for microprocessor architectures (specifically Intel microprocessors); larger and faster computers make any necessary translations. After the algorithm was first introduced, Bert den Boer and Antoon Bosselaers successfully cryptanalyzed the last two of the algorithm’s three rounds [202]. In an unrelated cryptanalytic result, Ralph Merkle successfully attacked the first two rounds [202]. Eli Biham discussed a differential cryptanalysis attack against the first two rounds of MD4 [159]. Even though these attacks could not be extended to the full algorithm, Rivest strengthened the algorithm. The result is MD5. 18.5 MD5
MD5 is an improved version of MD4 [1386, 1322]. Although more complex than MD4, it is similar in design and also produces a 128bit hash. Description of MD5
After some initial processing, MD5 processes the input text in 512bit blocks, divided into 16 32bit subblocks. The output of the algorithm is a set of four 32bit blocks, which concatenate to form a single 128bit hash value. First, the message is padded so that its length is just 64 b...
View
Full
Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
 Fall '10
 ALIULGER
 Cryptography

Click to edit the document details