[45126] in Cypherpunks
MD4
daemon@ATHENA.MIT.EDU (SINCLAIR DOUGLAS N)
Sun Dec 10 21:00:12 1995
From: SINCLAIR DOUGLAS N <sinclai@ecf.toronto.edu>
To: daw@quito.CS.Berkeley.EDU (David A Wagner)
Date: Sun, 10 Dec 1995 20:48:21 -0500
Cc: cypherpunks@toad.com
In-Reply-To: <199512102320.SAA08162@bb.hks.net> from "David A Wagner" at Dec 10, 95 06:20:38 pm
> SINCLAIR DOUGLAS N <sinclai@ecf.toronto.edu> wrote:
> > My understanding was that MD4 had been broken once, at the cost of
> > much computer time.
>
> Not *that* much computer time...
I stand corrected. I've not read the original paper.
> As far as I know, the difficulty of inverting MD4 is still an open
> problem -- but why would you want to use a broken algorithm like MD4
> when you can use MD2, MD5, or SHA?
Granted. A brute force attack on MD4 takes 2^64 times more operations
to invert it than it does to find matching pairs if I remember correctly.
However a clever algorithm would reduce that.
Of course, with MD5 as a plug-in replacement that's only 30% slower,
this isn't a big problem. Looks like the safety belts are worthwhile
after all.
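The exchange above contrasts the cost of inverting a 128-bit hash (a preimage, about 2^128 trials) with the cost of finding "matching pairs" (a collision, about 2^64 trials by the birthday bound). The following is an added example, not code from the original post, that makes the gap measurable on a small scale: it truncates MD5 (MD4 is not available in most modern hashlib builds, so MD5 stands in; the argument is the same for any n-bit digest) to a few bits, then runs both a birthday-style collision search and a brute-force preimage search, and reports how the expected trial counts scale. The message formats `msg-<i>` and `pre-<i>` and the truncation widths are constructed for the demonstration.

```python
import hashlib
import itertools
import math


def truncated_digest(data: bytes, bits: int, algo: str = "md5") -> int:
    """Return the leading `bits` bits of the digest as an integer.

    Truncating a real digest gives a toy n-bit hash whose collision and
    preimage behaviour mirrors the full-width one at a scale we can run.
    """
    digest = hashlib.new(algo, data).digest()
    return int.from_bytes(digest, "big") >> (len(digest) * 8 - bits)


def find_collision(bits: int, algo: str = "md5"):
    """Birthday search: hash distinct inputs until two share a digest.

    Returns (m1, m2, trials). By the pigeonhole principle a repeat is
    guaranteed within 2**bits + 1 trials; on average it appears after
    roughly sqrt(pi/2 * 2**bits) trials.
    """
    seen = {}
    for i in itertools.count():
        msg = f"msg-{i}".encode()          # constructed, all distinct
        h = truncated_digest(msg, bits, algo)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg


def find_preimage(target: int, bits: int, algo: str = "md5"):
    """Brute-force search for an input whose truncated digest equals target.

    Returns (msg, trials). Each trial succeeds with probability 2**-bits,
    so the expected cost is 2**bits trials, versus ~2**(bits/2) above.
    """
    for i in itertools.count():
        msg = f"pre-{i}".encode()          # constructed search space
        if truncated_digest(msg, bits, algo) == target:
            return msg, i + 1


def expected_trials(bits: int) -> dict:
    """Expected trial counts for an ideal n-bit hash."""
    return {
        "collision": math.sqrt(math.pi / 2 * 2 ** bits),
        "preimage": float(2 ** bits),
    }


def log2_preimage_to_collision_ratio(bits: int) -> float:
    """log2 of (preimage cost / collision cost) for an ideal n-bit hash.

    For bits=128 this is about 63.7, i.e. the "2^64 times more operations"
    figure quoted in the thread.
    """
    e = expected_trials(bits)
    return math.log2(e["preimage"] / e["collision"])


if __name__ == "__main__":
    bits = 16
    m1, m2, ctrials = find_collision(bits)
    print(f"collision after {ctrials} trials: {m1!r} vs {m2!r}")
    target = truncated_digest(b"known message", bits)
    pm, ptrials = find_preimage(target, bits)
    print(f"preimage after {ptrials} trials: {pm!r}")
    print("expected:", expected_trials(bits))
    print("log2 ratio at 128 bits:", round(log2_preimage_to_collision_ratio(128), 2))
```

Run it a few times with `bits` set to 16, 20 and 24 and watch the collision count grow by roughly 4x per 4 extra bits while the preimage count grows by 16x; that quadratic-versus-linear gap is why collision attacks like the one on MD4 arrive long before inversion does, and why an application that only needs second-preimage or preimage resistance is in a different position from one that relies on collision resistance.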