Wang's (et al) differential attack works on MD5, MD4, RIPEMD and HAVAL.

Why doesn't it work on SHA-1?

Maarten Bodewes
Peppina
  • The website https://sites.google.com/site/itstheshappening/ has the details of another attack on SHA-1 from Marc Stevens (CWI, the Netherlands), Pierre Karpman (Inria, France and NTU Singapore) and Thomas Peyrin (NTU Singapore). – kodlu Dec 23 '16 at 03:12

1 Answer

The message expansion step in SHA-1. The compression functions for MD4, MD5, RIPEMD and I think HAVAL only re-arrange and re-use words in the message block.

SHA-1 will expand the message from 16 words to 80 words using a rotation and XOR operation. The additional 64 words are a function of every word of the message block.

Because of this additional dependence on previous words in the block, Wang's attack will not work.

user13741
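The contrast this answer describes, as an added example that is not part of the original answer: it builds the per-step message inputs for MD5 (block words re-read in a fixed order, per RFC 1321) and for SHA-1 (rotate-and-XOR expansion to 80 words), then lists which steps see a changed input when one message bit is flipped. The function names and the sample block are this example's own.

```python
MASK = 0xFFFFFFFF

def rotl(x, n):
    """Rotate a 32-bit word left by n bits."""
    return ((x << n) | (x >> (32 - n))) & MASK

def sha1_schedule(block):
    """80 step inputs: the 16 block words, then 64 words from rotate-and-XOR."""
    w = list(block)
    for t in range(16, 80):
        w.append(rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
    return w

def md5_schedule(block):
    """64 step inputs: each of the 4 rounds reads the 16 block words once,
    in a fixed order (RFC 1321); no new words are computed."""
    order = ([i for i in range(16)] +
             [(5 * i + 1) % 16 for i in range(16)] +
             [(3 * i + 5) % 16 for i in range(16)] +
             [(7 * i) % 16 for i in range(16)])
    return [block[k] for k in order]

def affected_steps(schedule, block, word, bit):
    """Indices of step inputs that change when one message bit is flipped."""
    flipped = list(block)
    flipped[word] ^= 1 << bit
    before, after = schedule(block), schedule(flipped)
    return [t for t in range(len(before)) if before[t] != after[t]]

# Constructed sample block (16 arbitrary 32-bit words), not real message data.
SAMPLE_BLOCK = [(0x01234567 * (i + 1)) & MASK for i in range(16)]

if __name__ == "__main__":
    md5 = affected_steps(md5_schedule, SAMPLE_BLOCK, word=0, bit=0)
    sha1 = affected_steps(sha1_schedule, SAMPLE_BLOCK, word=0, bit=0)
    print("MD5   steps touched:", len(md5), "of 64:", md5)
    print("SHA-1 steps touched:", len(sha1), "of 80:", sha1)
```

Because the SHA-1 expansion uses only XOR and rotation, the set of affected steps depends on the flipped bit's position, not on the contents of the block.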