[Cryptography] let's kill md5sum!

Ryan Carboni ryacko at gmail.com
Mon Jun 8 12:55:41 EDT 2015


On Mon, Jun 8, 2015 at 7:33 AM, Zooko Wilcox-OHearn <
zooko at leastauthority.com> wrote:

> > Well, not completely broken, but here's an attack that breaks Tiger reduced
> > to 23 rounds (from 24) with 2^47 complexity:
> >
> > http://link.springer.com/chapter/10.1007%2F978-3-540-76900-2_33
>
> There's also
>
> http://eprint.iacr.org/2010/016
>
> Which says it can find a second-pre-image in full (all rounds) Tiger
> with 2^8 memory and 2^188.2 computation.
>
> I must confess I too am fond of Tiger. I agree with Ryan Carboni that
> it is the oldest widely-used secure hash function which hasn't been
> broken.
>
> However, BLAKE2 has a much better security margin than Tiger — see the
> Cryptanalysis section here: https://blake2.net/#cr — in addition to
> being substantially faster than Tiger in software.
>
> Regards,
>
> Zooko
>

"substantially faster"
BLAKE2 has been optimized for modern architectures. Has Tiger? And how much
is substantial?

And collision attacks are more important than preimage attacks anyway.

And when the security margin has been exhausted after two decades of
cryptanalysis...
well.
Are you going to say DES is insecure now too?

There's a certain ludicrousness to evaluating each cipher as if they came
out only a year ago.