merkle@parc.xerox.com (Ralph Merkle) (04/26/91)
Archive-name: security/crypt/snefru/1991-04-25 Archive-directory: arisia.xerox.com:/pub/hash/ [13.1.100.206] Original-posting-by: merkle@parc.xerox.com (Ralph Merkle) Original-subject: Latest Attack on Snefru Reposted-by: emv@msen.com (Edward Vielmetti, MSEN) Eli Biham is submitting a paper to Crypto '91 which includes several interesting cryptanalytic results. To quote from his letter to me: "The main results on Snefru are: Two-pass and three-pass Snefru are breakable by a black box attack in which the attacker should not know the choice of the S boxes used. Snefru with up to four passes is breakable faster than 2**45 operations provided the S boxes are known to the attacker. Message hashing to the same value as any given message can be obtained faster than the brute force attack for Snefru with up to four passes. These attacks are faster than 2**64 operation for the two-pass and the three-pass variants." Although Eli has developed a faster-than-brute-force attack on Snefru with four passes, he has not claimed the prize for breaking it. To claim the prize requires actual generation of a pair of inputs that map to the same output. Perhaps by 'Crypto 92. Snefru with 8 passes is available by anonymous FTP from arisia.xerox.com in directory /pub/hash. Cryptanalytic difficulty typically increases exponentially in the number of passes, while execution time increases linearly. Further investigation is required before the security (or lack thereof) of Snefru with 8 passes can be established. I have not heard of a prize for breaking MD4. Come on, Ron! -- comp.archives file verification arisia.xerox.com total 257 -rw-r--r-- 1 407 2395 Dec 7 16:50 README drwxr-xr-x 2 407 512 Dec 7 16:48 hash2.5a -r--r--r-- 1 407 6343 Nov 30 17:52 REWARD -r--r--r-- 1 407 210507 Nov 30 17:24 genSBoxes.c -r--r--r-- 1 407 29861 Mar 20 1990 md4 found snefru ok arisia.xerox.com:/pub/hash/