lamy@cs.toronto.edu (Jean-Francois Lamy) (12/15/89)
Exerpted from the Computer Emergency Response Team mailing list (the people who will go after you if you try a stunt on the Internet :-) ------- Forwarded Message [This was originally posted by Ralph Merkle of Xerox PARC to comp.virus. I've reposted here with his permission. If you do reply to this and have comments for him, please be sure to copy merkle.pa@xerox.com, because he's not on this list. -- Paul Holbrook, CERT] Path: sei!pt.cs.cmu.edu!tut.cis.ohio-state.edu!zaphod.mps.ohio-state.edu!think!ames!ncar!tank!cps3xx!netnews.upenn.edu!vax1.cc.lehigh.edu!sei.cmu.edu!krvw From: merkle.pa@Xerox.COM Newsgroups: comp.virus Subject: Experimental one-way hash function Message-ID: <0005.8912121301.AA15254@ge.sei.cmu.edu> Date: 11 Dec 89 19:36:35 GMT Sender: Virus Discussion List <VIRUS-L@IBM1.CC.Lehigh.EDU> Lines: 41 Approved: krvw@sei.cmu.edu The one-way hash function, Snefru version 2.0, has been released for general use. It generates either a 128 bit or 256 bit output. Previous discussions in this group have mentioned the X9.9 MAC (Message Authentication Code) that involves a secret key. Snefru is a one-way hash function, and therefore does not use or require any secret information. Further, Snefru has substantially better performance than any DES based system. One-way hash functions have the property that it is computationally infeasible to find two inputs that produce the same output. Thus, if I can authenticate the (128 or 256 bit) output, then I can authenticate the large (perhaps megabytes) input that produced that output. The method of authenticating the output and the method of insuring the integrity of the program computing the one-way hash function are separate issues, not addressed by Snefru. The C source for Snefru version 2.0 is available to anyone who wants a copy via anonymous FTP from "arisia.xerox.com" (a Unix system at Xerox PARC in Palo Alto, CA) in directory "/pub/hash". The source files are: hash2.0.c, standardSBoxes2.c, and testSBoxes.c. An assembly language version written for the Sun SPARCstation 1 can hash large files at a speed slightly faster than 8 megabits per second. This includes CPU time (as measured by the "time" command) and excludes disk transfer time etc. Snefru version 2.0 is still preliminary. It has received only modest security review. It would seem prudent to use it only for experimental or research purposes until it has received more widespread scrutiny. A significant purpose of this posting is to invite such scrutiny. Cheers! Ralph C. Merkle Xerox PARC 3333 Coyote Hill Road Palo Alto, CA 94304 merkle@xerox.com ------- End of Forwarded Message
rayan@cs.toronto.edu (Rayan Zachariassen) (12/15/89)
In case anyone is *really* interested, I have copies of Merkle's papers describing this stuff (Khufu, Khafre, Snefru encryption & crypto-hash algorithms).