Cryptanalysis of t-function-based hash functions

T-functions are a useful new tool to design symmetric-key algorithms, introduced by Klimov and Shamir in 2002. They have already been used to build stream ciphers and new applications for block ciphers and hash functions have been recently suggested. In this paper, we analyze the security of several possible constructions of hash functions, based on T-functions. We show that most natural ideas are insecure. As an application, we describe a practical preimage attack against the dedicated hash function used in the MySQL password-based authentication mechanisms.