Results 1  10
of
17
How to break MD5 and other hash functions
 In EUROCRYPT
, 2005
"... Abstract. MD5 is one of the most widely used cryptographic hash functions nowadays. It was designed in 1992 as an improvement of MD4, and its security was widely studied since then by several authors. The best known result so far was a semi freestart collision, in which the initial value of the has ..."
Abstract

Cited by 215 (5 self)
 Add to MetaCart
Abstract. MD5 is one of the most widely used cryptographic hash functions nowadays. It was designed in 1992 as an improvement of MD4, and its security was widely studied since then by several authors. The best known result so far was a semi freestart collision, in which the initial value of the hash function is replaced by a nonstandard value, which is the result of the attack. In this paper we present a new powerful attack on MD5 which allows us to find collisions efficiently. We used this attack to find collisions of MD5 in about 15 minutes up to an hour computation time. The attack is a differential attack, which unlike most differential attacks, does not use the exclusiveor as a measure of difference, but instead uses modular integer subtraction as the measure. We call this kind of differential a modular differential. An application of this attack to MD4 can find a collision in less than a fraction of a second. This attack is also applicable to other hash functions, such as RIPEMD and HAVAL. 1
Cryptanalysis of the hash functions MD4 and RIPEMD
 In Proceedings of Eurocrypt ’05, volume 3494 of LNCS
, 2005
"... Abstract. MD4 is a hash function developed by Rivest in 1990. It serves as the basis for most of the dedicated hash functions such as MD5, SHAx, RIPEMD, and HAVAL. In 1996, Dobbertin showed how to find collisions of MD4 with complexity equivalent to 2 20 MD4 hash computations. In this paper, we pres ..."
Abstract

Cited by 27 (0 self)
 Add to MetaCart
Abstract. MD4 is a hash function developed by Rivest in 1990. It serves as the basis for most of the dedicated hash functions such as MD5, SHAx, RIPEMD, and HAVAL. In 1996, Dobbertin showed how to find collisions of MD4 with complexity equivalent to 2 20 MD4 hash computations. In this paper, we present a new attack on MD4 which can find a collision with probability 2 −2 to 2 −6, and the complexity of finding a collision doesn’t exceed 2 8 MD4 hash operations. Built upon the collision search attack, we present a chosenmessage preimage attack on MD4 with complexity below 2 8. Furthermore, we show that for a weak message, we can find another message that produces the same hash value. The complexity is only a single MD4 computation, and a random message is a weak message with probability 2 −122. The attack on MD4 can be directly applied to RIPEMD which has two parallel copies of MD4, and the complexity of finding a collision is about 2 18 RIPEMD hash operations. 1
Software performance of universal hash functions
 In Advances in Cryptology — EUROCRYPT ’99
, 1999
"... Abstract. This paper compares the parameters sizes and software performance of several recent constructions for universal hash functions: bucket hashing, polynomial hashing, Toeplitz hashing, division hashing, evaluation hashing, and MMH hashing. An objective comparison between these widely varying ..."
Abstract

Cited by 26 (0 self)
 Add to MetaCart
Abstract. This paper compares the parameters sizes and software performance of several recent constructions for universal hash functions: bucket hashing, polynomial hashing, Toeplitz hashing, division hashing, evaluation hashing, and MMH hashing. An objective comparison between these widely varying approaches is achieved by defining constructions that offer a comparable security level. It is also demonstrated how the security of these constructions compares favorably to existing MAC algorithms, the security of which is less understood. 1
A New Class of Collision Attacks and its Application to DES
, 2003
"... Until now in cryptography the term collision was mainly associated with the surjective mapping of different inputs to an equal output of a hash function. Previous collision attacks were only able to detect collisions at the output of a particular function. In this publication we introduce a new clas ..."
Abstract

Cited by 19 (3 self)
 Add to MetaCart
Until now in cryptography the term collision was mainly associated with the surjective mapping of different inputs to an equal output of a hash function. Previous collision attacks were only able to detect collisions at the output of a particular function. In this publication we introduce a new class of attacks which uses side channel analysis to detect internal collisions. We applied our attack against the widely used Data Encryption Standard (DES). We show that internal collisions can be caused in the SBoxes of DES in order to gain information about the secret keybits. As result, we were able to exploit an internal collision with a minimum of 140 encryptions yielding 10.2 keybits. Moreover, we successfully applied the attack to a smart card processor.
Cryptanalysis of MD5 Compress
 In Rump Session of EuroCrypt ’96
, 1996
"... the recent analysis of MD4like hash functions. 1 Using the term "collision of a compress function" we assume that the initial value is the same for both inputs, i.e. an initial value IV and two different inputs X and ~ X are given such that compress(IV ; X) = compress(IV ; ~ X): On the other ..."
Abstract

Cited by 15 (0 self)
 Add to MetaCart
the recent analysis of MD4like hash functions. 1 Using the term "collision of a compress function" we assume that the initial value is the same for both inputs, i.e. an initial value IV and two different inputs X and ~ X are given such that compress(IV ; X) = compress(IV ; ~ X): On the other hand we use the term "pseudocollision" if two different initial values IV; ~ IV and (possibly identical) inputs X; ~ X are given such that compress(IV ; X) = compress( ~ IV ; ~ X): Pseudocollisions are of much less practical importance than collisions. Collision for the compress function of MD5. Use the following initial value
On Recent Results for MD2, MD4 and MD5
 RSA Laboratories’ Bulletin
, 1996
"... . Recent cryptanalytic results on the properties of three popular hash functions have raised questions about their security. This note summarizes these results, gives our assessment of their implications and offers our recommendations for product planners and developers who may be using these algori ..."
Abstract

Cited by 11 (0 self)
 Add to MetaCart
. Recent cryptanalytic results on the properties of three popular hash functions have raised questions about their security. This note summarizes these results, gives our assessment of their implications and offers our recommendations for product planners and developers who may be using these algorithms. 1. Introduction A hash function (or more accurately a cryptographic hash function or messagedigest algorithm) operates on an input string of arbitrary length and generates an output string of fixed length. This output is commonly called a hash value or a message digest. While much of the motivation for the design of a hash function comes from its usefulness in optimizing the process of digitally signing some document, hash functions can be used for a wide range of purposes. MD2 [13], MD4 [20] and MD5 [21] are hash functions that were developed by Ron Rivest at MIT for RSA Data Security. A description of these hash functions can be found in RSA Laboratories Technical Report TR101 [...
A new dedicated 256bit hash function: FORK256
 FSE 2006, LNCS 4047, SpringerVerlag
, 2006
"... ..."
On the Security of Dedicated Hash Functions
 In 19th Symposium on Information Theory in the Benelux
, 1998
"... Cryptographic hash functions are an important building block for a wide range of applications such as the authentication of information, digital signatures and the protection of passphrases. The most popular hash functions are the custom designed iterative hash functions from the MD4 family. Over t ..."
Abstract

Cited by 5 (1 self)
 Add to MetaCart
Cryptographic hash functions are an important building block for a wide range of applications such as the authentication of information, digital signatures and the protection of passphrases. The most popular hash functions are the custom designed iterative hash functions from the MD4 family. Over the years various results on the cryptanalysis of these functions have become available and this paper intends to summarize these results and their impact. We will describe attacks on MD4, MD5 and RIPEMD, and discuss the design and security of the hash functions SHA1 and RIPEMD160 which are included in the new standard ISO/IEC 101183. 1 Introduction Cryptographic hash functions or messagedigest algorithms (see [Pre93] for a comprehensive treatment) are functions that map a string of arbitrary length into a fixed length result. Given h and an input x, computing h(x) must be easy and does not require any secret information. The cryptographic properties that are required depend on the appli...
Collision and Preimage Resistance of the Centera Content Address
, 2005
"... Centera uses cryptographic hash functions as a means of addressing stored objects, thus creating a new class of data storage referred to as CAS (content addressed storage). Such hashing serves the useful function of providing a means of uniquely identifying data and providing a global handle to that ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
Centera uses cryptographic hash functions as a means of addressing stored objects, thus creating a new class of data storage referred to as CAS (content addressed storage). Such hashing serves the useful function of providing a means of uniquely identifying data and providing a global handle to that data, referred to as the Content Address or CA. However, such a model begs the question: how certain can one be that a given CA is indeed unique? In this paper we describe fundamental concepts of cryptographic hash functions, such as collision resistance, preimage resistance, and secondpreimage resistance. We then map these properties to the MD5 and SHA256 hash algorithms, which are used to generate the Centera content address. Finally, we present a proof of the collision resistance of the Centera Content Address.
Message Encryption and Authentication Using OneWay Hash Functions
 Proc. of 3rd Annual Workshop on Selected Areas in Cryptology (SAC '96), Queens
, 1996
"... A oneway hash function is an important cryptographic primitive for digital signatures and authentication. Recently much work has been done toward construction of other cryptographic algorithms (e.g., MACs) using hash functions. In particular, such algorithms would be easy to implement with existing ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
A oneway hash function is an important cryptographic primitive for digital signatures and authentication. Recently much work has been done toward construction of other cryptographic algorithms (e.g., MACs) using hash functions. In particular, such algorithms would be easy to implement with existing codes of hash functions if they are used as a black box without modification. In this paper we present new such constructions for block ciphers and MACs in some general form (i.e., with variable key sizes, block lengths and MAC lengths). 1 Introduction Hash functions play an important role in various cryptographic protocol designs. They are used as a cryptographic primitive for digital signatures and message/user authentication. Consequently a lot of optimized implementations of hash functions, such as MD5 [23] and SHA [24], exist. In this paper we describe several algorithms constructed from keyed hash functions: DESlike block ciphers, stream cipherlike algorithms and MAC algorithms. Al...