keyed MD5 - papers and software
Below is a status update on some results regarding keyed MD5 proposals.
In July of last year there was much discussion about the security
of various proposals. A summary of attacks on the secret prefix, secret
suffix, and various envelope methods may be found in the Crypto'95 paper
by B. Preneel and P. van Oorschot, `MDx-MAC and Building Fast MACs from
Hash Functions', pp. 1-14, available at:
ftp.esat.kuleuven.ac.be pub/COSIC/preneel mdxmac_crypto95.ps
This paper also proposed the MD5-based MAC algorithm called MD5-MAC.
A reference C implementation (including test values and some
timings) of MD5-MAC has been posted at
ftp.esat.kuleuven.ac.be pub/COSIC/preneel/md5mac
files: README key.dat md5mac.res mddrive2.c
global.h md5mac.h md5macc.c speed.res
At the Crypto'95 rump session, a key recovery attack on the envelope method
of RFC 1828 was announced. This result is contained in our paper to be
presented at Eurocrypt'96 in May, ``On the security of two MAC algorithms'',
a draft version of which is available at
ftp.esat.kuleuven.ac.be pub/COSIC/preneel twomacs.ps
Bart Preneel
bart.preneel@esat.kuleuven.ac.be