
Re: AH-MD5



   Date: Sat, 28 Jan 1995 11:38:42 -0500
   From: "Perry E. Metzger" <perry@imsi.com>


   "Theodore Ts'o" says:
   > You will recall that MD5 was designed and pushed out the door not
   > because the author could prove any weaknesses about MD4 --- as far as
   > he knew there have been no attacks on MD4 ---

   Other than the ones by Bert den Boer, Antoon Bosselaers, Ralph Merkle,
   and Eli Biham, all of whom broke two out of three rounds? I'll point
   out that they used different techniques, adding insult to injury!
   If you insist, I'll post references.

When were those papers published?  The MD5 RFC (April 1992) referenced
none of those papers when it discussed why MD5 was released:

   The MD5 algorithm is an extension of the MD4 message-digest algorithm
   [1,2]. MD5 is slightly slower than MD4, but is more "conservative" in
   design. MD5 was designed because it was felt that MD4 was perhaps
   being adopted for use more quickly than justified by the existing
   critical review; because MD4 was designed to be exceptionally fast,
   it is "at the edge" in terms of risking successful cryptanalytic
   attack. MD5 backs off a bit, giving up a little in speed for a much
   greater likelihood of ultimate security. It incorporates some
   suggestions made by various reviewers, and contains additional
   optimizations. The MD5 algorithm is being placed in the public domain
   for review and possible adoption as a standard.

Notice words such as "felt" and "likelihood"... those are hunch-like
words, aren't they?

							- Ted


