Paul Hoffman <> writes:
> The longer that MD5 goes without any hint of preimage attacks, the
> less "certain" I am that collision attacks are even related to
> preimage attacks.

I believe that yesterday, at the rump session at Crypto, restricted
preimage attacks were described. Not quite what you want, but getting


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to

Reply via email to