Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 29 Sep 2008 05:50:52 +0200
From: Simon Marechal <>
Subject: Re: quite fast MD5 hashing implementation

Bucsay Balázs a écrit :
> Hello!
> I dont see the solution here, maybe because i'm "blind" :)
> a63 -= F(b64,c64,d64) + x + ac;
> You can tell here the a63, if you know the "x", but the x is the part of
> the right password, so if you know x, you will know something about the
> password. Am i right? I hope im not and i can learn a new trick :)

Oh I see your problem. Actually you pretend that you do know the 
password, except for the first four bytes. Then you somehow "know" x, 
until you have to reverse K[0], which is at the start of the last round. 
That way you save 25% while the last part of the passwords you are 
testing stays the same.

To unsubscribe, e-mail and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.