home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Language/OS - Multiplatform Resource Library
/
LANGUAGE OS.iso
/
hash
/
reward.txt
< prev
next >
Wrap
Text File
|
1993-07-23
|
6KB
|
166 lines
The one-way hash function, Snefru 2.5, is available
by anonymous FTP from parcftp.xerox.com in directory
/pub/hash. It is available for use by anyone interested.
The $1,000 reward for breaking the 2-pass version of Snefru
was won by Eli Biham, a Ph.D. student of Adi Shamir, in April 1990.
A separate $1,000 reward, not yet claimed, is being offered to
the first person to break the 4-pass version of Snefru.
General: Snefru 2.5 is a one-way hash function. One-way
hash functions have also been called manipulation detection
codes (MDC's), message digests, cryptographically secure
checksums, cryptographically secure hash totals, and sometimes
fingerprints.
One way hash functions do not involve use of a secret key
or any secret information. They are used to authenticate
information, and to verify that the information has not
been tampered with. One-way hash functions have the
following properties:
1.) Given any input of any size (a file, for example) it is
easy to compute the output of the one-way hash function. If
the one-way hash function is designated H, then
output = H(input)
is easy to compute (takes time linear in the size of the input).
2.) Although the input might be very large, the output is
relatively small and of fixed size. In Snefru 2.5, the output
can be either 128 or 256 bits (selectable by the user).
3.) It is computationally infeasible to find two inputs x and
x' that produce the same output. That is, finding x and x' such
that:
H(x) = H(x')
is infeasible. Finding such a pair of inputs is known as
"cracking" or "breaking" the one-way hash function.
4.) Given an output, it is computationally infeasible to
find an input that produces that output. (This property
is not always used).
One-way hash functions are not the same as Message Authentication
Codes, or MAC's, which involve the use of a secret key.
History of Snefru:
Snefru version 1.0 was designed and made public in early 1989.
No significant security flaws were found at that time in Snefru 1.0,
but several improvements were suggested. Most significantly, the
tables used in Snefru 1.0 were not generated in a publicly verifiable
fashion.
Snefru version 2.0 uses a set of tables generated from publicly
known random information: "A Million Random Digits with
100,000 Normal Deviates" by the RAND Corporation, published
by the Free Press in 1955. In addition, the algorithm used
to derive the tables is also publicly known (and available
for anonymous FTP along with Snefru 2.5).
During the redesign, the basic algorithm was made simpler
and some features of modest utility which increased the
complexity of the design were eliminated. The revisions
for Snefru 2.0 were completed in July. The C source for
Snefru 2.0 was made available by anonymous FTP in November
of 1989.
Security of Snefru:
The security of one-way hash functions can (at present) only
be assessed by making them widely available for review and
attack. At the present time, Snefru has undergone some internal
review at Xerox and has been subjected to two separate and
independent reviews by two outside consultants hired
for the purpose. Following general distribution of Snefru
for analysis and attack, Eli Biham broke the 2-pass version
of Snefru in April 1990 and won the $1,000 prize being
offered for such a break.
The difficulty of breaking such systems normally goes up
sharply with the number of passes. The default number of
passes has been increased to 8. A new reward of
$1,000 is being offered to the first person to break the
4-pass version.
In view of Eli's successful attack on the 2-pass version, it
would be prudent to wait until he (and others) have had a
chance to review the strength of the 4-pass version.
And, of course, Xerox Corporation makes no representations
concerning either the merchantability of Snefru or the suitability
of Snefru for any particular purpose. It is provided "as is"
without express or implied warranty of any kind.
To encourage examination of the 4-pass version of Snefru,
a reward of $1,000 is offered to the first person who shows
they have broken it. A "break" is defined as providing
two different inputs that produce the same output.
The output size will be 128 bits, and the "security level"
parameter will be set at 4. (Note that a larger output size
(256 bits) is available in Snefru 2.5 as an option).
Fine print: Xerox employees cannot enter. The winner must send his
name, address, and social security number along with the
inputs x and x' that produce the same output. It is expected that
other relevant information (the nature of the algorithm used, the
hardware, etc) will also be sent, though this is not required. Any
taxes are the responsibility of the winner. We reserve the right
to decide ties (multiple entries on or about the same date) and our
decision will be final.
Implementation:
Snefru version 2.5a supports 8 passes. It is algorithmically identical
to versions 2.0, 2.1, 2.2, and 2.3. The default setting for the number
of passes in 2.5a has been changed to 8. By setting the number of passes
to 2 or 4, the results can be made identical with the earlier versions.
In the author's opinion, further security analysis of Snefru is required
before it can be considered for production use.
Free Availability:
Anyone who wishes to use Snefru can do so without charge.
The following notices appear in the source, and are the only
restrictions on the use of Snefru:
Copyright (c) Xerox Corporation 1989. All rights reserved.
License to copy and use this software is granted provided
that it is identified as the "Xerox Secure Hash Function"
in all material mentioning or referencing this software
or this hash function.
License is also granted to make and use derivative works
provided that such works are identified as "derived from
the Xerox Secure Hash Function" in all material mentioning
or referencing the derived work.
Xerox Corporation makes no representations concerning either
the merchantability of this software or the suitability of
this software for any particular purpose. It is provided
"as is" without express or implied warranty of any kind.
Re-posting of this announcement to appropriate groups is encouraged.
Ralph C. Merkle
merkle@xerox.com
Xerox PARC
3333 Coyote Hill Road
Palo Alto, CA 94304