ietf-822
[Top] [All Lists]

Re: [Karl Fox: Exporting MD5]

1992-01-20 16:02:30
Both SNEFRU and MD5 are available for anonymous FTP from
parcftp.parc.xerox.com, directory /pub/hash/.  Here's the README from
that directory:

This directory contains the code needed to compute and test
Snefru, the one-way hash function.

Eli Biham broke the 2-pass version of Snefru in April, 1990.  Therefore,
the use of both the 2 and 3 pass version is discouraged.  The 4 pass
version has not been broken, but it would be prudent to use 8 passes
to provide a margin against further cryptanalytic successes.

Note added 91.04.26:  Eli Biham has recently developed an attack on
4-pass Snefru that is somewhat better than exhaustive search.
He has not claimed the prize for breaking the 4-pass version, for
he has not generated a pair of inputs that map to the same output.
His attack will be presented at 'Crypto 91.

The directory "hash2.5a" holds Snefru.  This version supports
8 passes as the default mode of operation.  It is a compromise
version that is reasonably efficient and reasonably easy to
understand.

Version 2.5a is algorithmically identical to the earlier versions
(2.0, 2.1, 2.2, and 2.3) but allows for 8 passes.  The earlier versions
only allowed 4 passes.  The additional passes use additional
S-Box material, which was generated by reading a few more random
numbers from the RAND book of random numbers.

The file "genSBoxes.c" contains the first 2,000 lines from the RAND
book of random numbers, which it uses to generate the S-Boxes.
The data in the program can be easily compared with the contents of
the original book (published in the '50's) to verify that the source
of random information is truly random.  The algorithm that generates
the actual S-Boxes from the random numbers is specified in C, and can
also be inspected to verify that it does not have any hidden weaknesses.

Each sub-directory contains the following files:
README          Instructions and quick overview.
snefru.c        The main C source.
testSnefru      A shell test script.
testSnefru256   A shell test script for Snefru with 256-bit output.
correctSnefruOutput    Sample correct output.
correctSnefru256Output Sample correct output for the 256-bit output version.
<other>           some other files.
snefru.shar       A "shar" (shell archive) of the files in the directory.
snefru.shar.Z     A compressed version of snefru.shar.
snefru.uu         A uuencoded version of snefru.shar.Z.
snefru.tar        The tar version of the directory hash2.5a.
snefru.tar.Z      A compressed tar file of the directory.


The file "md4" holds the description and C source for the MD4 message
digest algorithm (one-way hash function) proposed by
Ron Rivest.  It is included here both for convenience and as a courtesy.
It is also available by anonymous ftp from theory.lcs.mit.edu in directory
/u/ftp/pub/md4.doc (actually pub/md4.doc from anonymous FTP).

The file "md5.doc" holds the description and C source for the MD5
message digest algorithm, also proposed by Ron Rivest.  It is
available by anonymous FTP from rsa.com in directory /pub/md5.doc.
MD5 should be used in preference to MD4.

As was mentioned, these are legal to export to other countries.

Bill

<Prev in Thread] Current Thread [Next in Thread>