Re: [Cfrg] HMAC-MD5

2006-04-01 Thread John Kelsey
From: [EMAIL PROTECTED] Sent: Mar 30, 2006 3:38 PM To: cryptography@metzdowd.com Subject: Re: [Cfrg] HMAC-MD5 I think that we have the evidence. The security of MD5 depends heavily on a lot of nonlinearities in functions F,G,I and on carries in arithmetic additions. Nonlinearities in F,G,I

Re: [Cfrg] HMAC-MD5

2006-03-30 Thread Hal Finney
I (Hal Finney) wrote: A couple of (rather uninformed) thoughts regarding HMAC-MD5: First, how could collision attacks be extended to preimage attacks? And second, how would preimage attacks affect HMAC-MD5? I have to apologize for that message; I was totally confused particularly in the

Re: [Cfrg] HMAC-MD5

2006-03-30 Thread vlastimil . klima
: cryptography@metzdowd.com Subject: Re: [Cfrg] HMAC-MD5 Date: 29.3.2006 - 21:14:06 On Wed, Mar 29, 2006 at 10:51:08AM +0200, [EMAIL PROTECTED] wrote: I am nearly sure that a preimage attack (MD5) will be found in the next two or three years. Is there already evidence of progress

Re: [Cfrg] HMAC-MD5

2006-03-29 Thread vlastimil . klima
PROTECTED] To: Russ Housley [EMAIL PROTECTED] Subject: Re: [Cfrg] HMAC-MD5 Date: 29.3.2006 - 1:11:25 On Tue, 28 Mar 2006 16:20:59 -0500, Russ Housley [EMAIL PROTECTED] wrote: At the SAAG session last week, Sam and I were asked about HMAC-MD5. Is it safe to keep using it? Should we

Re: [Cfrg] HMAC-MD5

2006-03-29 Thread Victor Duchovni
On Wed, Mar 29, 2006 at 10:51:08AM +0200, [EMAIL PROTECTED] wrote: I am nearly sure that a preimage attack (MD5) will be found in the next two or three years. Is there already evidence of progress in that direction? -- Viktor.

Re: [Cfrg] HMAC-MD5

2006-03-29 Thread Hal Finney
A couple of (rather uninformed) thoughts regarding HMAC-MD5: First, how could collision attacks be extended to preimage attacks? And second, how would preimage attacks affect HMAC-MD5? For a preimage attack, consider the simplest case, a single input block of 64 bytes. Then Hash = IV +