
17 Dec 2003, 11:17 p.m.
SINCLAIR DOUGLAS N <sinclai@ecf.toronto.edu> wrote:
My understanding was that MD4 had been broken once, at the cost of much computer time.
Not *that* much computer time...
I stand corrected. I've not read the original paper.
As far as I know, the difficulty of inverting MD4 is still an open problem -- but why would you want to use a broken algorithm like MD4 when you can use MD2, MD5, or SHA?
Granted. A brute force attack on MD4 takes 2^64 times more operations to invert it than it does to find matching pairs if I remember correctly. However a clever algorithm would reduce that.
Of course with MD5 as a plug-in replacement that's only 30% slower this isn't a big problem. Looks like the safety belts are worth while after all.