This preview shows page 1. Sign up to view the full content.
Unformatted text preview: tack requires 272 operations. The algorithm’s designers recommend using N-Hash with at least 8 rounds . Given the proven insecurity of N-Hash and FEAL (and its speed with 8 rounds), I recommend using another algorithm entirely. 18.4 MD4
MD4 is a one-way hash function designed by Ron Rivest [1318, 1319, 1321]. MD stands for Message Digest; the algorithm produces a 128-bit hash, or message digest, of the input message. In , Rivest outlined his design goals for the algorithm: Security. It is computationally infeasible to find two messages that hashed to the same value. No attack is more efficient than brute force. Direct Security. MD4’s security is not based on any assumption, like the difficulty of factoring. Speed. MD4 is suitable for high-speed software implementations. It is based on a simple set of bit manipulations on 32-bit operands. Simplicity and Compactness. MD4 is as simple as possible, without large data structures or a complicated program. Favor Little-Endian Architectures. MD4 is optimized for microprocessor architectures (specifically Intel microprocessors); larger and faster computers make any necessary translations. After the algorithm was first introduced, Bert den Boer and Antoon Bosselaers successfully cryptanalyzed the last two of the algorithm’s three rounds . In an unrelated cryptanalytic result, Ralph Merkle successfully attacked the first two rounds . Eli Biham discussed a differential cryptanalysis attack against the first two rounds of MD4 . Even though these attacks could not be extended to the full algorithm, Rivest strengthened the algorithm. The result is MD5. 18.5 MD5
MD5 is an improved version of MD4 [1386, 1322]. Although more complex than MD4, it is similar in design and also produces a 128-bit hash. Description of MD5
After some initial processing, MD5 processes the input text in 512-bit blocks, divided into 16 32-bit sub-blocks. The output of the algorithm is a set of four 32-bit blocks, which concatenate to form a single 128-bit hash value. First, the message is padded so that its length is just 64 b...
View Full Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
- Fall '10