MD4
From Wikipedia, the free encyclopedia
Designer(s): | Ronald Rivest |
---|---|
First published: | October 1990, in RFC 1186; obsoleted by RFC 1320 in April 1992 |
Digest size: | 128 bits |
Rounds: | 3 |
MD, MD2, MD3, MD4 and MD5 are part of a series of algorithms designed by Ronald Rivest of MIT. The first in the series, MD, is proprietary. MD3 was retired before publication, due to an (unpublished) flaw. MD2, MD4 and MD5 are all Internet standards (RFCs). MD stands for Message Digest. | |
MD4 is a message digest algorithm (the fourth in a series) designed by Professor Ronald Rivest of MIT in 1990. It implements a cryptographic hash function for use in message integrity checks. The digest length is 128 bits. The algorithm has influenced later designs, such as the MD5, SHA and RIPEMD algorithms.
Weaknesses in MD4 were demonstrated by Den Boer and Bosselaers in a paper published in 1991. In August 2004, researchers reported generating collisions in MD4 using "hand calculation" [1], alongside attacks on later hash function designs in the MD4/MD5/SHA/RIPEMD family.
A variant of MD4 is used in the ed2k URI scheme to provide a unique indentifier for a file in the popular eDonkey2000 / eMule P2P networks.
Contents |
[edit] MD4 hashes
The 128-bit (16-byte) MD4 hashes (also termed message digests) are typically represented as 32-digit hexadecimal numbers. The following demonstrates a 43-byte ASCII input and the corresponding MD4 hash:
MD4("The quick brown fox jumps over the lazy dog") = 1bee69a46ba811185c194762abaeae90
Even a small change in the message will (with overwhelming probability) result in a completely different hash, e.g. changing d to c:
MD4("The quick brown fox jumps over the lazy cog") = b86e130ce7028da59e672d56ad0113df
The hash of the zero-length string is:
MD4("") = 31d6cfe0d16ae931b73c59d7e0c089c0
[edit] See also
[edit] References
- Hans Dobbertin, 1998. Cryptanalysis of MD4. J. Cryptology 11(4): 253–271
- Hans Dobbertin: Cryptanalysis of MD4. Fast Software Encryption 1996: 53–69
[edit] External links
- Using Lepton's crack to break a MD4 hash password
- RFC 1320 - Description of MD4 by Ron Rivest
- An Attack on the Last Two Rounds of MD4
- A collision attack on MD4 (Presented at Eurocrypt 2005. Requires about 214 MD4 computations. Demonstrates "Theoretical Pre-image Attack on MD4" and "Second Pre-Image Attack for Weak Messages".)
- On the Security of Encryption Modes of MD4, MD5 and HAVAL ("MD4 [...] can be broken by related-key boomerang attacks in real time. The attacks have been experimentally tested and run in milliseconds on a PC.")
- Improved Collision Attack on MD4 ("We were able to find collisions with probability almost 1, and the average complexity to find a collision is upper bounded by three times of MD4 hash operations.")
- Paj's Home: Cryptography — by Paj in JavaScript. Also supports MD5, and SHA-1. Released under the BSD License. Contains links to several other implementations.
[edit] Collisions
Hash algorithms: Gost-Hash | HAS-160 | HAS-V | HAVAL | MDC-2 | MD2 | MD4 | MD5 | N-Hash | RadioGatún | RIPEMD | SHA family | Snefru | Tiger | VEST | WHIRLPOOL | crypt(3) DES |
MAC algorithms: DAA | CBC-MAC | HMAC | OMAC/CMAC | PMAC | UMAC | Poly1305-AES | VEST |
Authenticated encryption modes: CCM | EAX | GCM | OCB | VEST Attacks: Birthday attack | Collision attack | Preimage attack | Rainbow table | Brute force attack |
Standardization: CRYPTREC | NESSIE Misc: Avalanche effect | Hash collision | Hash functions based on block ciphers |
History of cryptography | Cryptanalysis | Cryptography portal | Topics in cryptography |
Symmetric-key algorithm | Block cipher | Stream cipher | Public-key cryptography | Cryptographic hash function | Message authentication code | Random numbers |