[Cryptography] Is MD4 as secure as Poly1305 in an AEAD scheme?

Tony Arcieri bascule at gmail.com
Thu Aug 27 17:08:01 EDT 2015


On Thu, Aug 27, 2015 at 12:04 PM, Ryan Carboni <ryacko at gmail.com> wrote:

> Is MD4 as secure as Poly1305 in an AEAD scheme?
>

Don't use broken crypto.


> I notice it consumes roughly the same amount of cycles, and any
> forgery attempts would be nearly as difficult without knowledge of the
> state of the MAC. Afterall, most AEAD schemes also encrypt the MAC
> which essentially negate many attacks. I can't help but feel that MD4
> is set to unfair standards while everything else is set to more
> logical standards.


That's because MD4 is broken. Don't use broken crypto!

-- 
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150827/4b13fbe7/attachment.html>


More information about the cryptography mailing list