[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: key-ed MD5 again

To: IPSEC@ans.net
Subject: Re: key-ed MD5 again
From: "William Allen Simpson" <Bill.Simpson@um.cc.umich.edu>
Date: Tue, 28 Mar 95 14:26:29 GMT

> From: Masataka Ohta <mohta@necom830.cc.titech.ac.jp>
> > Some significant analysts think that a single key at the beginning of
> > MD5 does not provide enough key material when the text is long.  The
> > MD5(key,MD5(text)) was suggested to improve the effect of the key in the
> > final hash.
>
> As MD5 is a chain of addition, a transitive 1-to-1 mapping, of
> hashed values, it is unlikely that the initial scrambling effect
> by the added hased key is weakened later.
>
An excellent question?  The conclusion was passed to me word of mouth.
But, looking at the algorithm, it seems to me that up to 4 bits of
influence can be lost from the high end of the sum on each block from
lost carry in the four registers.  As the text grows longer, less of the
initial key effect is seen.

It is that addition was used instead of xor that has this result.

Bill.Simpson@um.cc.umich.edu

Follow-Ups:

Re: key-ed MD5 again

From: Masataka Ohta <mohta@necom830.cc.titech.ac.jp>

Prev by Date: Re: key-ed MD5 again
Next by Date: Re: MD5 versus SHA
Prev by thread: Re: key-ed MD5 again
Next by thread: Re: key-ed MD5 again
Index(es):
- Main
- Thread