Content deleted Content added
→Attack on Davies-Meyer: Removed my earlier incorrect statement and gave a new one. |
m →Attack on Davies-Meyer: Signed my change. |
||
Line 6:
::''According to Bruce Schneier this "is not really worth worrying about"[4]'' He probably meant '''in practice''', this is not worth worrying about. In the Eurocrypt 2005 paper with Kelsey, Schneier DOES use the fixpoint attack to show that the MD construction is far from being a random oracle, and so in a sense more brittle than one would wish it to be. However their attack is completely impractical because to be effective, it requires gigantic messages. [[User:71.142.222.181|71.142.222.181]] 19:04, 9 March 2007 (UTC)
My earlier statement (which I now have removed from this discussion) that the finding of a fixed point requires “exponential time” is not correct: it can be easily found for a block cipher. The correct way is to say that fixed points do not enable the attacker to go below the birthday paradox bound (2<sup>n/2</sup> time) when Merkle-Damgård (MD) strengthening (bitlength of the message is appended at its end) is used - however the fixed points enable to go below the more beautiful 2<sup>n</sup> limit as described in the attack of Kelsey and Schneier.[[User:Atwater|Atwater]] ([[User talk:Atwater|talk]]) 10:39, 19 February 2009 (UTC)
== Comparisons? ==
| |||