
Re: key-ed MD5 again

> > > Some significant analysts think that a single key at the beginning of
> > > MD5 does not provide enough key material when the text is long.  The
> > > MD5(key,MD5(text)) was suggested to improve the effect of the key in the
> > > final hash.
> >
> > As MD5 is a chain of addition, a transitive 1-to-1 mapping, of
> > hashed values, it is unlikely that the initial scrambling effect
> > by the added hashed key is weakened later.
> >
> An excellent question?  The conclusion was passed to me word of mouth.


> But, looking at the algorithm, it seems to me that up to 4 bits of
> influence can be lost from the high end of the sum on each block from
> lost carry in the four registers.

Are you seriously thinking that MD5, which is designed by professionals
for digesting long messages such as mails, cannot protect anything except the
last (64*8)/4 bits of the messages?

Lost carry does not mean loss of the information.

That is, carry ignoring addition of


is 1-to-1 mapping from 'x' onto 'y' and no information is lost. 'x'
can be reconstructed without any ambiguity from 'y' by subtraction
of 'c' with lost borrow.

MSB of x does affect the MSB of y.

> It is that addition was used instead of xor that has this result.

Addition and xor are equally good bijections.

So, defects, *IF* any, should be a lot more subtle.

						Masataka Ohta
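The argument above, that carry-ignoring addition of a constant is a 1-to-1 mapping invertible by borrow-ignoring subtraction, and that the MSB of x still affects the MSB of y, can be checked mechanically. The script below is an added example and is not part of the thread; the word width, the constant c and the sample x are constructed values, and the AND mapping is included only as a contrast that the bijection check is able to reject.

```python
"""Added example (not from the mailing-list thread): checks that addition
modulo 2**width with the carry dropped is a bijection on width-bit words,
that it is undone by subtraction with the borrow dropped, that xor with a
constant is equally a bijection, and that flipping the MSB of x always
flips the MSB of y = x + c mod 2**width."""
from typing import Callable

Word = int


def add_mod(x: Word, c: Word, width: int) -> Word:
    """Carry-ignoring addition: the carry out of the top bit is discarded."""
    return (x + c) & ((1 << width) - 1)


def sub_mod(y: Word, c: Word, width: int) -> Word:
    """Borrow-ignoring subtraction: the inverse of add_mod for a fixed c."""
    return (y - c) & ((1 << width) - 1)


def xor_mod(x: Word, c: Word, width: int) -> Word:
    """Xor with a constant, the alternative mentioned in the thread."""
    return (x ^ c) & ((1 << width) - 1)


def and_mod(x: Word, c: Word, width: int) -> Word:
    """Bitwise AND with a constant: NOT a bijection, used only as a contrast."""
    return (x & c) & ((1 << width) - 1)


def is_bijection(f: Callable[[Word, Word, int], Word], c: Word, width: int) -> bool:
    """Exhaustively check that x -> f(x, c) permutes all width-bit words.

    A map on a finite set is 1-to-1 exactly when its image has full size,
    so collecting the outputs into a set is sufficient (constructed check,
    meant for small widths such as 8 where 2**width is enumerable)."""
    domain = range(1 << width)
    return len({f(x, c, width) for x in domain}) == len(domain)


def roundtrip(x: Word, c: Word, width: int) -> Word:
    """Add c with lost carry, then subtract c with lost borrow; returns the
    reconstructed x, which must equal the original."""
    return sub_mod(add_mod(x, c, width), c, width)


def msb_flip_propagates(c: Word, width: int) -> bool:
    """True if, for every x, flipping the MSB of x flips the MSB of
    y = x + c mod 2**width.  Adding 2**(width-1) modulo 2**width is the same
    as xoring it in, so the two outputs differ in exactly the top bit."""
    top = 1 << (width - 1)
    return all(
        (add_mod(x, c, width) ^ add_mod(x ^ top, c, width)) == top
        for x in range(1 << width)
    )


if __name__ == "__main__":
    W = 32
    C = 0x5A827999  # constructed constant, plays the role of the hashed key word
    X = 0xDEADBEEF  # constructed sample word
    y = add_mod(X, C, W)
    print(f"y = {y:#010x}, reconstructed x = {roundtrip(X, C, W):#010x}")
    for name, f in (("add", add_mod), ("xor", xor_mod), ("and", and_mod)):
        print(f"{name} with constant is a bijection on 8-bit words: "
              f"{is_bijection(f, 0x5A, 8)}")
    print("MSB of x always reaches MSB of y:", msb_flip_propagates(0x5A, 8))
```

The exhaustive check is run at 8 bits so that every input can be enumerated; the algebraic reason it holds at 32 bits is the same, and the 32-bit roundtrip shows the reconstruction working at the width MD5 actually uses.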