Date: Fri, 29 Jun 2012 15:26:50 +0300 From: Milen Rangelov <gat3way@...il.com> To: john-dev@...ts.openwall.com Subject: Re: Re: Re: md5 internals question Hello, If we select D from round 64, we can predict all the bits that influence it > without knowing the input back until A48. This is because it mixes in W > bits > at R60 from W (all zero), R56 from W (all zero), R52 from W (all > zero), and finally R48 from (unfortunately) W, which is part of the > input > message and cannot be predicted. > > So we manage to skip 3 rounds that mix in input bits, and so for the common > case only have to do 48 rounds! > > W is not the stopper. You can skip some more steps past 48 provided that you can keep W..W constant for the reverse calculations. You may check that thread: http://3.14.by/forum/viewtopic.php?f=8&t=47 Regards, Content of type "text/html" skipped
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.