Re: MD5 partial collisions

Bill Stewart (bill.stewart@pobox.com)
Mon, 20 Jul 1998 18:31:26 -0700

• Next message: William H. Geiger III: "Online Reference Papers on IDEA & ElGamal"
• Previous message: Enzo Michelangeli: "Re: linux kernel loopback encryption"
• Maybe in reply to: Oskar Pearson: "linux kernel loopback encryption"
• Next in thread: C Matthew Curtin: "Re: MD5 partial collisions"

Dobbertin is concerned with the security problem -
can an attacker fake a hash - especially with full matches.

A different approach to partial collisions is Adam Back's hashcash work -
using brute force to find strings that have some number of
bits in their hash that match. Adam is concerned with proving that
the user has done lots of brute force work, e.g. to discourage spammers,
by making it not too expensive to send one message but
very expensive and slow to send millions of messages.
Look up "hashcash" on your favorite search engines.

>> > Can anyone point me at papers on partial collisions (don't know if
>> > that's the right term: a subset of bits match) for MD5?
>
>>As far as I know this was discovered by Hans Dobbertin. I cant remember
>>the actual reference, but a web search should give you some hints.
>
>http://www.ph.tn.tudelft.nl/~visser/hashes.html

                                Thanks!
                                        Bill
Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639

• Next message: William H. Geiger III: "Online Reference Papers on IDEA & ElGamal"
• Previous message: Enzo Michelangeli: "Re: linux kernel loopback encryption"
• Maybe in reply to: Oskar Pearson: "linux kernel loopback encryption"
• Next in thread: C Matthew Curtin: "Re: MD5 partial collisions"