MD4
SINCLAIR DOUGLAS N
sinclai at ecf.toronto.edu
Sun Dec 10 17:48:45 PST 1995
> SINCLAIR DOUGLAS N <sinclai at ecf.toronto.edu> wrote:
> > My understanding was that MD4 had been broken once, at the cost of
> > much computer time.
>
> Not *that* much computer time...
I stand corrected. I've not read the original paper.
> As far as I know, the difficulty of inverting MD4 is still an open
> problem -- but why would you want to use a broken algorithm like MD4
> when you can use MD2, MD5, or SHA?
Granted. A brute force attack on MD4 takes 2^64 times more operations
to invert it than it does to find matching pairs if I remember correctly.
However a clever algorithm would reduce that.
Of course with MD5 as a plug-in replacement that's only 30% slower
this isn't a big problem. Looks like the safety belts are worth while
after all.
More information about the cypherpunks-legacy
mailing list