[Cryptography] let's kill md5sum!

Zooko Wilcox-OHearn zooko at leastauthority.com
Mon Jun 8 10:33:51 EDT 2015


> Well, not completely broken, but here's an attack that breaks Tiger reduced
> to 23 rounds (from 24) with 2^47 complexity:
>
> http://link.springer.com/chapter/10.1007%2F978-3-540-76900-2_33

There's also

http://eprint.iacr.org/2010/016

Which says it can find a second-pre-image in full (all rounds) Tiger
with 2^8 memory and 2^188.2 computation.

I must confess I too am fond of Tiger. I agree with Ryan Carboni that
it is the oldest widely-used secure hash function which hasn't been
broken.

However, BLAKE2 has a much better security margin than Tiger — see the
Cryptanalysis section here: https://blake2.net/#cr — in addition to
being substantially faster than Tiger in software.

Regards,

Zooko


More information about the cryptography mailing list