Re: MD5 for authentication article in RSA's "CryptoBytes"
- To: ipsec@ans.net
- Subject: Re: MD5 for authentication article in RSA's "CryptoBytes"
- From: "paul (p.c.) van oorschot" <paulv@bnr.ca>
- Date: Wed, 5 Jul 1995 15:05:00 -0400
- Sender: "paul (p.c.) van oorschot" <paulv@bnr.ca>
In message "MD5 for authentication article in RSA's "CryptoBytes"",
'perry@imsi.com' writes:
>There is a new RSADSI newsletter called "CryptoBytes". One of their
>articles in the first issue is about use of MD5 for authentication.
>
>Perry
Note there is a comment related to this in [crypto95],
at the end of section 4.3:
Three MD5-based MAC proposals for the IPSEC
working group are made in [kaliski95]:
one is the envelope method with
$K_1=K_2$ and $k_1=128$ ($K_1$ is padded to a complete block),
the other two are
$MAC(x) = h( K_1 || h( K_2 || x))$ and
$MAC(x) = h( K_1 || h( K_1 || x))$.
It is suggested that the best known attack on
these schemes requires $2^{64}$ chosen messages;
however, Proposition 4 shows that $2^{56.5}$ known text-MAC
pairs are sufficient (if $s=2^{16}$).
Also, the second scheme is vulnerable to the
divide and conquer attack described above.
[crypto95] Bart Preneel, Paul C. van Oorschot,
``MDx-MAC and Building Fast MACs from Hash Functions,''
Proc. Crypto'95, Springer-Verlag LNCS (to appear, Aug. 1995).
{ftp: ftp.esat.kuleuven.ac.be, directory pub/COSIC/preneel}
[kaliski95] B. Kaliski, M. Robshaw, ``Message authentication with MD5,''
CryptoBytes (RSA Laboratories Technical Newsletter),
Vol.1, No.1, Spring 1995, pp.5--8.
Paul Van Oorschot.
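The three MD5-based MAC constructions quoted above, written out as an added example that is not part of the original message or of either cited paper. It assumes zero-byte padding of K1 to a complete 64-byte MD5 block (the message says only that K1 is padded to a complete block) and 128-bit keys as in $k_1=128$; `md5`, `pad_to_block`, `envelope_mac`, `nested_mac`, `nested_single_key_mac`, `verify` and `known_text_mac_pairs` are names chosen here, and the key and message values are constructed.

```python
"""MD5-based MAC proposals for IPsec as described in the message above.

Added example, not code from the message or the cited papers.
Assumptions: zero padding of K1 to a full 64-byte block, 128-bit keys.
"""
import hashlib
import hmac  # used only for hmac.compare_digest (constant-time tag comparison)

BLOCK_SIZE = 64   # MD5 compresses 512-bit (64-byte) blocks
DIGEST_SIZE = 16  # MD5 digest is 128 bits


def md5(data: bytes) -> bytes:
    """The underlying hash function h."""
    return hashlib.md5(data).digest()


def pad_to_block(key: bytes) -> bytes:
    """Pad a key to a complete MD5 block.  Zero padding is an assumption of
    this example; the message only says K1 'is padded to a complete block'."""
    if len(key) > BLOCK_SIZE:
        raise ValueError("key longer than one MD5 block")
    return key + b"\x00" * (BLOCK_SIZE - len(key))


def envelope_mac(key: bytes, msg: bytes) -> bytes:
    """Scheme 1, the envelope method with K1 = K2 = key and k1 = 128:
        MAC(x) = h(pad(K1) || x || K2)
    Padding K1 to a full block means the first compression call consumes
    only the key, and the message proper starts on a block boundary."""
    if len(key) != DIGEST_SIZE:
        raise ValueError("scheme uses a 128-bit key")
    return md5(pad_to_block(key) + msg + key)


def nested_mac(k1: bytes, k2: bytes, msg: bytes) -> bytes:
    """Scheme 2:  MAC(x) = h(K1 || h(K2 || x)).
    The two keys enter in separate stages (K2 in the inner hash, K1 in the
    outer one); the message notes this scheme falls to the divide-and-conquer
    attack of the cited paper."""
    return md5(k1 + md5(k2 + msg))


def nested_single_key_mac(key: bytes, msg: bytes) -> bytes:
    """Scheme 3:  MAC(x) = h(K1 || h(K1 || x)), i.e. scheme 2 with K1 = K2."""
    return nested_mac(key, key, msg)


def verify(tag: bytes, computed: bytes) -> bool:
    """Compare a received tag with a recomputed one in constant time."""
    return hmac.compare_digest(tag, computed)


def known_text_mac_pairs(mac, n: int) -> list:
    """Collect n known (text, MAC) pairs under the closure `mac` on distinct
    constructed messages: the data an attacker in the known-text model of the
    message's Proposition 4 would hold (far fewer than 2^56.5 here, of course)."""
    return [(m, mac(m)) for m in (b"msg-%d" % i for i in range(n))]


if __name__ == "__main__":
    key = bytes(range(16))           # constructed 128-bit key
    msg = b"IPsec datagram payload"  # constructed sample message
    for name, fn in (("envelope", lambda x: envelope_mac(key, x)),
                     ("nested two-key", lambda x: nested_mac(key, key[::-1], x)),
                     ("nested one-key", lambda x: nested_single_key_mac(key, x))):
        tag = fn(msg)
        print(f"{name:16s} {tag.hex()}  verifies={verify(tag, fn(msg))}")
```

The block exists to make the structure of the three proposals concrete, not as something to deploy: MD5's collision resistance has since been broken outright, on top of the generic attacks the message discusses.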