kent@sparky.IMD.Sterling.COM (Kent Landfield) (05/09/91)
Submitted-by: Kent Landfield <kent@sparky.IMD.Sterling.COM>
Posting-number: Volume 19, Info 7
Archive-name: md4_header

MD4 can be used to apply a fingerprint on an article posted to USENET. When run through a verification tool, MD4 will tell you whether an article has been corrupted. The use of MD4 does not detect or prevent the complete replacement of an article. Think of MD4 as a super-strong checksum. The header X-Md4-Signature: contains the value that will be checked against to determine if the article is intact.

I am going to be using the X-Md4-Signature: header on all articles posted to the newsgroup comp.sources.misc. While I don't think that this is worth doing for most general USENET articles, it will be extremely useful for archives. X-Md4-Signature: is going to replace the X-Checksum-Snefru: header previously used in this newsgroup.

Why the change ???

# Subject: [crypt] Latest Attack on Snefru
# Message-ID: <1991Apr26.010111.10500@ox.com>
# Date: 26 Apr 91 01:01:11 GMT
# Approved: emv@msen.com (Edward Vielmetti, MSEN)
#
# Archive-name: security/crypt/snefru/1991-04-25
# Archive-directory: arisia.xerox.com:/pub/hash/ [13.1.100.206]
# Original-posting-by: merkle@parc.xerox.com (Ralph Merkle)
# Original-subject: Latest Attack on Snefru
# Reposted-by: emv@msen.com (Edward Vielmetti, MSEN)
#
# Eli Biham is submitting a paper to Crypto '91 which includes
# several interesting cryptanalytic results.
#
# To quote from his letter to me:
#
# "The main results on Snefru are: Two-pass and three-pass Snefru
# are breakable by a black box attack in which the attacker should
# not know the choice of the S boxes used. Snefru with up to four
# passes is breakable faster than 2**45 operations provided the S
# boxes are known to the attacker. Message hashing to the same
# value as any given message can be obtained faster than the brute
# force attack for Snefru with up to four passes. These attacks
# are faster than 2**64 operation for the two-pass and the
# three-pass variants."
#
# Although Eli has developed a faster-than-brute-force attack on
# Snefru with four passes, he has not claimed the prize for breaking
# it. To claim the prize requires actual generation of a pair of
# inputs that map to the same output. Perhaps by 'Crypto 92.
#
# Snefru with 8 passes is available by anonymous FTP from
# arisia.xerox.com in directory /pub/hash. Cryptanalytic
# difficulty typically increases exponentially in the number
# of passes, while execution time increases linearly. Further
# investigation is required before the security (or lack thereof)
# of Snefru with 8 passes can be established.
#
# I have not heard of a prize for breaking MD4. Come on, Ron!

This message is also a note to archivers who are using the CHECKHASH feature available with rkive to verify articles posted to c.s.misc and to c.s.unix. *PLEASE* disable the usage of CHECKHASH for c.s.misc until you have had an opportunity to install the checkmd4 utility that will be posted later tonight in comp.sources.misc. A patch to rkive to support the new header is also slated to be posted tonight.

So what happens if you do not disable CHECKHASH?... The archived articles will just appear in the problems directory and you can copy them into place from there... No big deal, just thought I would warn you... :-)

I would like to thank Ron Rivest (the author of RFC1186, "The MD4 Message Digest Algorithm") for the MD4 code and RSA Data Security, Inc. for giving me the permission to post it. I would also like to thank Rich Salz for the push to do it and for his snefru code that I hacked...

-Kent+
--
Kent Landfield                   INTERNET: kent@sparky.IMD.Sterling.COM
Sterling Software, IMD           UUCP:     uunet!sparky!kent
Phone:    (402) 291-8300         FAX:      (402) 291-4362
Please send comp.sources.misc-related mail to kent@uunet.uu.net.
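The following is an added example, not part of the original post and not the checkmd4 utility: it shows an unkeyed digest header catching corruption but, as the post says, not the complete replacement of an article. It assumes the header carries the hex MD4 of the article body (everything after the first blank line), which the post does not specify; `sign` and `verify` are hypothetical names and the article text is constructed.

```python
import struct

# MD4 per-round tables (RFC 1186): word order, rotate counts, constant, mixing function.
_ORDER = (tuple(range(16)), tuple((j % 4) * 4 + j // 4 for j in range(16)),
          (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15))
_SHIFT = ((3, 7, 11, 19), (3, 5, 9, 13), (3, 9, 11, 15))
_CONST = (0, 0x5A827999, 0x6ED9EBA1)
_FUNC = (lambda x, y, z: (x & y) | (~x & z),
         lambda x, y, z: (x & y) | (x & z) | (y & z),
         lambda x, y, z: x ^ y ^ z)

def md4(data: bytes) -> str:
    """MD4 digest of data as lowercase hex."""
    msg = data + b"\x80" + b"\x00" * ((55 - len(data)) % 64)
    msg += struct.pack("<Q", len(data) * 8)          # bit length, little-endian
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = h
        for i in range(48):                          # 3 rounds of 16 steps
            r, j = divmod(i, 16)
            t = (a + _FUNC[r](b, c, d) + x[_ORDER[r][j]] + _CONST[r]) & 0xFFFFFFFF
            s = _SHIFT[r][j % 4]
            a, b, c, d = d, ((t << s) | (t >> (32 - s))) & 0xFFFFFFFF, b, c
        h = [(v + w) & 0xFFFFFFFF for v, w in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h).hex()

def sign(raw: bytes) -> bytes:
    """Add X-Md4-Signature over the body (assumed coverage, see lead-in)."""
    head, _, body = raw.partition(b"\n\n")
    return head + b"\nX-Md4-Signature: " + md4(body).encode() + b"\n\n" + body

def verify(raw: bytes) -> bool:
    """True if the header is present and matches the MD4 of the body."""
    head, _, body = raw.partition(b"\n\n")
    for line in head.split(b"\n"):
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"x-md4-signature":
            return value.strip().decode().lower() == md4(body)
    return False

# Constructed sample article, not a real posting.
ARTICLE = (b"From: poster@example.invalid\nNewsgroups: comp.sources.misc\n"
           b"Subject: constructed sample\n\nline one\nline two\n")
GOOD = sign(ARTICLE)
CORRUPT = GOOD.replace(b"line two", b"line twp")      # damage in transit: detected
REPLACED = sign(ARTICLE.partition(b"\n\n")[0] + b"\n\ndifferent contents\n")
print(verify(GOOD), verify(CORRUPT), verify(REPLACED))  # replacement still verifies
```

Because the digest is unkeyed and travels with the article, anyone who substitutes the body can recompute the header; detecting that needs a value the archiver obtains out of band or a keyed signature.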