MD5 Is Weaker Than Weak: Attacks on Concatenated Combiners

  • Florian Mendel
  • Christian Rechberger
  • Martin Schläffer
Conference paper

DOI: 10.1007/978-3-642-10366-7_9

Part of the Lecture Notes in Computer Science book series (LNCS, volume 5912)
Cite this paper as:
Mendel F., Rechberger C., Schläffer M. (2009) MD5 Is Weaker Than Weak: Attacks on Concatenated Combiners. In: Matsui M. (eds) Advances in Cryptology – ASIACRYPT 2009. ASIACRYPT 2009. Lecture Notes in Computer Science, vol 5912. Springer, Berlin, Heidelberg

Abstract

We consider a long standing problem in cryptanalysis: attacks on hash function combiners. In this paper, we propose the first attack that allows collision attacks on combiners with a runtime below the birthday-bound of the smaller compression function. This answers an open question by Joux posed in 2004.

As a concrete example we give such an attack on combiners with the widely used hash function MD5. The cryptanalytic technique we use combines a partial birthday phase with a differential inside-out technique, and may be of independent interest. This potentially reduces the effort for a collision attack on a combiner like MD5||SHA-1 for the first time.

Keywords

hash functions cryptanalysis MD5 combiner differential 
Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Florian Mendel
    • 1
  • Christian Rechberger
    • 1
  • Martin Schläffer
    • 1
  1. 1.Institute for Applied Information Processing and Communications (IAIK)Graz University of TechnologyGrazAustria

Personalised recommendations