Score:1

Finding second-preimage to this use of weak hash

cn flag

$h'(x) := h(a_1 \parallel x \parallel b_1) \parallel h(a_2 \parallel x \parallel b_2) \parallel h(a_3 \parallel x \parallel b_3) \parallel \dots \parallel h(a_k \parallel x \parallel b_k)$

$a_i$ and $b_i$ are known prefixes and suffixes.

If $h$ is MD2 or MD4, how much work would it take to find a second-preimage to $h'$?

Just to be clear: The output of $h'$ is relatively long, $k$ times longer than the output of $h$.


Answers to the same question but with an even weaker cryptographic-hash, may also be of interest. But not as weak as a checksum.

Naively I'd thought that if it requires $2^n$ work to find second-preimage of $h$ then it require $2^{kn}$ work to find second-preimage to $h'$. Since you need to find a specific $x$ that satisfied second-preimage to all $h(a_i \parallel x \parallel b_i)$. But maybe there is a faster way.

kelalaka avatar
in flag
What are you trying to achieve? Why do you need improve MD2 or MD4? Why don't you just use modern hashes?
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.