[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: key-ed MD5 again
> An additional note on this subject from Richard Schroeppel
> (email@example.com) follows. As it is a rather detailed missive, let
> me summarize the bottom line as a contribution to rough concensus in
> favor of MD5(key,data,key).
> MD5( Key .conc. VeryLongText .conc. Key )
> then we cancel out all of the intermediate information loss discussed
> above, and also protect against some appending attacks.
I can feel a little more happy, if someone can explain why,
MD5( Key .conc. Initialtext .conc. VeryLongText .conc. Key )
the forgery of the Initialtext part is less important, and why,
MD5, which also hashes the message length, must be protected
against appending attacks.