[Cryptography] let's kill md5sum!
Zooko Wilcox-OHearn
zooko at leastauthority.com
Mon Jun 8 10:33:51 EDT 2015
> Well, not completely broken, but here's an attack that breaks Tiger reduced
> to 23 rounds (from 24) with 2^47 complexity:
>
> http://link.springer.com/chapter/10.1007%2F978-3-540-76900-2_33
There's also
http://eprint.iacr.org/2010/016
Which says it can find a second-pre-image in full (all rounds) Tiger
with 2^8 memory and 2^188.2 computation.
I must confess I too am fond of Tiger. I agree with Ryan Carboni that
it is the oldest widely-used secure hash function which hasn't been
broken.
However, BLAKE2 has a much better security margin than Tiger — see the
Cryptanalysis section here: https://blake2.net/#cr — in addition to
being substantially faster than Tiger in software.
Regards,
Zooko
More information about the cryptography
mailing list