keyed MD5 - papers and software




Below is a status update on some results regarding keyed MD5 proposals.  
In July of last year there was much discussion about the security 
of various proposals.  A summary of attacks on the secret prefix, secret 
suffix, and various envelope methods may be found in the Crypto'95 paper
by B. Preneel and P. van Oorschot, `MDx-MAC and Building Fast MACs from 
Hash Functions', pp.1-14, available at:

   ftp.esat.kuleuven.ac.be pub/COSIC/preneel mdxmac_crypto95.ps

This paper also proposed the MD5-based MAC algorithm called MD5-MAC.
A reference C implementation (including test values and some 
timings) of MD5-MAC has been posted at

   ftp.esat.kuleuven.ac.be pub/COSIC/preneel/md5mac
   files: README      key.dat     md5mac.res  mddrive2.c
          global.h    md5mac.h    md5macc.c   speed.res

At the Crypto'95 rump session, a key recovery attack on the envelope method
of RFC 1828 was announced.  This result is contained in our paper to be 
presented at Eurocrypt'96 in May, ``On the security of two MAC algorithms'',
a draft version of which is available at

    ftp.esat.kuleuven.ac.be  pub/COSIC/preneel  twomacs.ps


Bart Preneel
bart.preneel@esat.kuleuven.ac.be