12

Wang's (et al) differential attack works on MD5, MD4, RIPEMD and HAVAL.

Why doesn't it work on SHA-1?

Maarten Bodewes
Peppina

1 Answer

6

The message expansion step in SHA-1. The compression functions for MD4, MD5, RIPEMD and I think HAVAL only re-arrange and re-use words in the message block.

SHA-1 will expand the message from 16 words to 80 words using a rotation and XOR operation. The additional 64 words are a function of every word of the message block.

Because of this additional dependence on previous words in the block, Wang's attack will not work.

user13741
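The structural difference the answer describes, as an added example that is not part of the original answer: it compares how many compression-function steps receive a changed message input when one bit of one block word is flipped, using MD5's fixed word ordering and SHA-1's rotate-and-XOR expansion. The function names are assumptions chosen for this illustration, and the code covers only the message schedules, not the full hash functions.

```python
MASK = 0xFFFFFFFF

def rotl32(x, n):
    """Rotate a 32-bit word left by n bits."""
    return ((x << n) | (x >> (32 - n))) & MASK

def sha1_expand(block_words):
    """SHA-1 message schedule: 16 block words -> 80 expanded words."""
    w = list(block_words)
    for t in range(16, 80):
        w.append(rotl32(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
    return w

def md5_word_order():
    """Index of the block word consumed by each of MD5's 64 steps."""
    order = []
    for i in range(64):
        if i < 16:
            order.append(i)
        elif i < 32:
            order.append((5 * i + 1) % 16)
        elif i < 48:
            order.append((3 * i + 5) % 16)
        else:
            order.append((7 * i) % 16)
    return order

def md5_affected_steps(word_index):
    """Steps whose message input changes when one block word changes."""
    return [i for i, g in enumerate(md5_word_order()) if g == word_index]

def sha1_affected_steps(word_index, bit):
    """Steps whose expanded word changes when one bit of one block word flips.

    Rotation and XOR are linear over GF(2), so the difference pattern does not
    depend on the message: expanding the difference alone gives it.
    """
    delta = [0] * 16
    delta[word_index] = 1 << bit
    return [t for t, d in enumerate(sha1_expand(delta)) if d]

if __name__ == "__main__":
    for k in (0, 7, 15):
        print(f"word {k}: MD5 steps {md5_affected_steps(k)}, "
              f"SHA-1 steps changed: {len(sha1_affected_steps(k, 0))} of 80")
```

In MD5 every block word feeds exactly four steps, one per round, while in SHA-1 a single-bit change propagates through the recurrence into many of the 64 derived words.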