[ut.theory] Experimental one-way hash function

lamy@cs.toronto.edu (Jean-Francois Lamy) (12/15/89)

Excerpted from the Computer Emergency Response Team mailing list (the people
who will go after you if you try a stunt on the Internet :-)

------- Forwarded Message

[This was originally posted by Ralph Merkle of Xerox PARC to
comp.virus.  I've reposted here with his permission.  If you do reply
to this and have comments for him, please be sure to copy
merkle.pa@xerox.com, because he's not on this list.
  -- Paul Holbrook, CERT]

Path: sei!pt.cs.cmu.edu!tut.cis.ohio-state.edu!zaphod.mps.ohio-state.edu!think!ames!ncar!tank!cps3xx!netnews.upenn.edu!vax1.cc.lehigh.edu!sei.cmu.edu!krvw
From: merkle.pa@Xerox.COM
Newsgroups: comp.virus
Subject: Experimental one-way hash function
Message-ID: <0005.8912121301.AA15254@ge.sei.cmu.edu>
Date: 11 Dec 89 19:36:35 GMT
Sender: Virus Discussion List <VIRUS-L@IBM1.CC.Lehigh.EDU>
Lines: 41
Approved: krvw@sei.cmu.edu

The one-way hash function, Snefru version 2.0, has been released for
general use.  It generates either a 128 bit or 256 bit output.

Previous discussions in this group have mentioned the X9.9 MAC
(Message Authentication Code) that involves a secret key.  Snefru is a
one-way hash function, and therefore does not use or require any
secret information.  Further, Snefru has substantially better
performance than any DES based system.

One-way hash functions have the property that it is computationally
infeasible to find two inputs that produce the same output.  Thus, if
I can authenticate the (128 or 256 bit) output, then I can
authenticate the large (perhaps megabytes) input that produced that
output.

The method of authenticating the output and the method of insuring the
integrity of the program computing the one-way hash function are
separate issues, not addressed by Snefru.

The C source for Snefru version 2.0 is available to anyone who wants a
copy via anonymous FTP from "arisia.xerox.com" (a Unix system at Xerox
PARC in Palo Alto, CA) in directory "/pub/hash".  The source files
are: hash2.0.c, standardSBoxes2.c, and testSBoxes.c.

An assembly language version written for the Sun SPARCstation 1 can
hash large files at a speed slightly faster than 8 megabits per
second.  This includes CPU time (as measured by the "time" command)
and excludes disk transfer time etc.

Snefru version 2.0 is still preliminary.  It has received only modest
security review.  It would seem prudent to use it only for
experimental or research purposes until it has received more
widespread scrutiny.  A significant purpose of this posting is to
invite such scrutiny.

     Cheers!
       Ralph C. Merkle
       Xerox PARC
       3333 Coyote Hill Road
       Palo Alto, CA 94304
       merkle@xerox.com

------- End of Forwarded Message
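
[Added example, not part of the original posts and not Merkle's code: a sketch of the integrity check the forwarded message describes, where authenticating a short digest authenticates a large input, and of why authenticating that digest remains a separate problem. SHA-256 and HMAC are assumed stand-ins for Snefru and the X9.9 MAC; the sample input and keys are constructed.]

```python
import hashlib
import hmac
import io

CHUNK = 64 * 1024  # read size, so inputs of many megabytes never sit in memory


def one_way_hash(stream):
    """Unkeyed 256-bit digest of a byte stream (SHA-256 standing in for Snefru)."""
    h = hashlib.sha256()
    for block in iter(lambda: stream.read(CHUNK), b""):
        h.update(block)
    return h.digest()


def verify_against_trusted(stream, trusted_digest):
    """True if the stream hashes to a digest obtained over an authenticated channel."""
    return hmac.compare_digest(one_way_hash(stream), trusted_digest)


def keyed_mac(stream, secret_key):
    """Keyed counterpart (HMAC, standing in for X9.9): the verifier needs the secret."""
    m = hmac.new(secret_key, digestmod=hashlib.sha256)
    for block in iter(lambda: stream.read(CHUNK), b""):
        m.update(block)
    return m.digest()


def demo():
    original = bytes(range(256)) * 4096            # constructed 1 MiB sample input
    tampered = bytearray(original)
    tampered[500_000] ^= 0x01                      # a single flipped bit
    tampered = bytes(tampered)
    trusted = one_way_hash(io.BytesIO(original))   # assumed delivered out of band
    return {
        "digest_bytes": len(trusted),
        "original_ok": verify_against_trusted(io.BytesIO(original), trusted),
        "tampered_ok": verify_against_trusted(io.BytesIO(tampered), trusted),
        # A digest that travels unauthenticated beside the file proves nothing:
        # whoever altered the file can recompute it, since no secret is involved.
        "unauthenticated_digest_ok": verify_against_trusted(
            io.BytesIO(tampered), one_way_hash(io.BytesIO(tampered))),
        # The MAC output changes with the key, so it cannot be recomputed without it.
        "mac_depends_on_key": keyed_mac(io.BytesIO(original), b"constructed-key-1")
        != keyed_mac(io.BytesIO(original), b"constructed-key-2"),
    }
```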

rayan@cs.toronto.edu (Rayan Zachariassen) (12/15/89)

In case anyone is *really* interested, I have copies of Merkle's papers
describing this stuff (Khufu, Khafre, Snefru encryption & crypto-hash
algorithms).