Re: RIPEMD broken, *NOT* RIPEMD-128 and RIPEMD-160
From: Julius C. Duque (jcduque_at_lycos.com)
Date: 08/24/04
- In reply to: Francois Grieu: "RIPEMD broken, *NOT* RIPEMD-128 and RIPEMD-160"
Date: 24 Aug 2004 08:19:44 -0700
Francois Grieu <fgrieu@francenet.fr> wrote in message news:<fgrieu-CB948B.09020823082004@individual.net>...
> In article <fgrieu-05A994.05060218082004@individual.net>, I wrote:
>
>
> > New result [1] of Xiaoyun Wang, Dengguo Feng, Xuejia Lai &
> > Hongbo Yu, is devastating against MD4 (broken by hand !),
> > MD5, HAVAL-128 and RIPEMD 128
>
> Should be: RIPEMD, a 128 bit hash. The attack does NOT seem
> to apply to RIPEMD-128, nor RIPEMD-160 [2]. This is because
> RIPEMD-128 is somewhat to RIPEMD what SHA-1 is to SHA(-0): a
> rotation is added specifically to block attacks on the high
> bit.
>
> Francois Grieu
Thanks for the clarification. Indeed, the first pair of messages given
in the Chinese paper have a digest of
0xdd6478dd9a7d821caa018648e5e792e9, while the second pair have a
digest of 0x88cea096c773c29f04cd96984a41d139 in RIPEMD. Just swap the
byte order given in the paper.
Julius