MD4
From Wikipedia, the free encyclopedia
| MD4 | |
| General | |
|---|---|
| Designers | Ronald Rivest |
| First published | October 1990 |
| Series | MD, MD2, MD3, MD4, MD5 |
| Detail | |
| Digest sizes | 128 bits |
| Rounds | 3 |
MD4 is a message digest algorithm (the fourth in a series) designed by Professor Ronald Rivest of MIT in 1990. It implements a cryptographic hash function for use in message integrity checks. The digest length is 128 bits. The algorithm has influenced later designs, such as the MD5, SHA and RIPEMD algorithms. MD4 is also used to compute NT-hash password digests on Microsoft Windows NT, XP and Vista.
Weaknesses in MD4 were demonstrated by Den Boer and Bosselaers in a paper published in 1991. The first collision attack was found by Dobbertin in 1996. In August 2004, Wang et al. found a very efficient collision attack, alongside attacks on later hash function designs in the MD4/MD5/SHA/RIPEMD family. This result was improved later by Sasaki et al., and generating a collision is now as cheap as verifying it (a few microseconds).
A variant of MD4 is used in the ed2k URI scheme to provide a unique indentifier for a file in the popular eDonkey2000 / eMule P2P networks.
Contents |
[edit] MD4 hashes
The 128-bit (16-byte) MD4 hashes (also termed message digests) are typically represented as 32-digit hexadecimal numbers. The following demonstrates a 43-byte ASCII input and the corresponding MD4 hash:
MD4("The quick brown fox jumps over the lazy dog")
= 1bee69a46ba811185c194762abaeae90
Even a small change in the message will (with overwhelming probability) result in a completely different hash, e.g. changing d to c:
MD4("The quick brown fox jumps over the lazy cog")
= b86e130ce7028da59e672d56ad0113df
The hash of the zero-length string is:
MD4("") = 31d6cfe0d16ae931b73c59d7e0c089c0
[edit] MD4 Test Vectors
The following test vectors are defined in RFC 1320 (The MD4 Message-Digest Algorithm)
MD4 ("") = 31d6cfe0d16ae931b73c59d7e0c089c0
MD4 ("a") = bde52cb31de33e46245e05fbdbd6fb24
MD4 ("abc") = a448017aaf21d8525fc10ae87aa6729d
MD4 ("message digest") = d9130a8164549fe818874806e1c7014b
MD4 ("abcdefghijklmnopqrstuvwxyz") = d79e1c308aa5bbcdeea8ed63df412da9
MD4 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") = 043f8582f241db351ce627e153e7f0e4
MD4 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") = e33b4ddc9c38f2199c3e7b164fcc0536
[edit] See also
[edit] References
- Bert den Boer, Antoon Bosselaers: An Attack on the Last Two Rounds of MD4. Crypto 1991: 194–203
- Hans Dobbertin: Cryptanalysis of MD4. Fast Software Encryption 1996: 53–69
- Hans Dobbertin, 1998. Cryptanalysis of MD4. J. Cryptology 11(4): 253–271
- Xiaoyun Wang, Xuejia Lai, Dengguo Feng, Hui Chen, Xiuyuan Yu: Cryptanalysis of the Hash Functions MD4 and RIPEMD. Eurocrypt 2005: 1–18
- Yu Sasaki, Lei Wang, Kazuo Ohta, Noboru Kunihiro: New Message Difference for MD4. Fast Software Encryption 2007: 329–348
[edit] External links
- RFC 1320 - Description of MD4 by Ron Rivest
- On the Security of Encryption Modes of MD4, MD5 and HAVAL
- Improved Collision Attack on MD4
- MD4 implementation in JavaScript, PHP and online
[edit] Collision Attacks
|
||||||||||||||||||||||||||||||||
