Re: key-ed MD5 again
> An additional note on this subject from Richard Schroeppel
> (rcs@cs.arizona.edu) follows. As it is a rather detailed missive, let
> me summarize the bottom line as a contribution to rough consensus in
> favor of MD5(key,data,key).
No objections.
But,
> MD5( Key .conc. VeryLongText .conc. Key )
>
> then we cancel out all of the intermediate information loss discussed
> above, and also protect against some appending attacks.
I would feel a little happier if someone could explain why, in
MD5( Key .conc. Initialtext .conc. VeryLongText .conc. Key )
the forgery of the Initialtext part is less important, and why
MD5, which also hashes the message length, must be protected
against appending attacks.
Masataka Ohta