Misplaced Pages

MD4: Difference between revisions

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license. Give it a read and then ask your questions in the chat. We can research this topic together.
Browse history interactively← Previous editNext edit →Content deleted Content addedVisualWikitext
Revision as of 22:11, 23 June 2007 editTravis Evans (talk | contribs)182 editsm MD2 link was pointing to a disambiguation page← Previous edit Revision as of 23:09, 23 June 2007 edit undoDraicone (talk | contribs)2,734 editsm External links: Clean up linksNext edit →
Line 48: Line 48:


==External links== ==External links==
*
* RFC 1320 - Description of MD4 by Ron Rivest * RFC 1320 - Description of MD4 by Ron Rivest
*
* *
*
* (Presented at ]. Requires about <math>2^{14}</math> MD4 computations. Demonstrates "Theoretical ] on MD4" and "Second Pre-Image Attack for Weak Messages".)
*
* ("MD4 can be broken by ] ]s in real time. The attacks have been experimentally tested and run in milliseconds on a PC.")
* ("We were able to find collisions with probability almost 1, and the average complexity to find a collision is upper bounded by three times of MD4 hash operations.") *
* MD4 in , and
* &mdash; by Paj in ]. Also supports ], and ]. Released under the ]. Contains links to several other implementations.
* &mdash; based on Paj's ] implementation.


===Collisions=== ===Collisions===

Revision as of 23:09, 23 June 2007

MD4
General
DesignersRonald Rivest
First publishedOctober 1990
SeriesMD, MD2, MD3, MD4, MD5
Detail
Digest sizes128 bits
Rounds3

MD4 is a message digest algorithm (the fourth in a series) designed by Professor Ronald Rivest of MIT in 1990. It implements a cryptographic hash function for use in message integrity checks. The digest length is 128 bits. The algorithm has influenced later designs, such as the MD5, SHA and RIPEMD algorithms.

Weaknesses in MD4 were demonstrated by Den Boer and Bosselaers in a paper published in 1991. In August 2004, researchers reported generating collisions in MD4 using "hand calculation" (collision attack, not preimage attack), alongside attacks on later hash function designs in the MD4/MD5/SHA/RIPEMD family. The average runtime for a collision attack is 5 seconds on a modern computer (ref: http://stachliu.com/research_collisions.html ).

A variant of MD4 is used in the ed2k URI scheme to provide a unique indentifier for a file in the popular eDonkey2000 / eMule P2P networks.

MD4 hashes

The 128-bit (16-byte) MD4 hashes (also termed message digests) are typically represented as 32-digit hexadecimal numbers. The following demonstrates a 43-byte ASCII input and the corresponding MD4 hash:

MD4("The quick brown fox jumps over the lazy dog") 
 = 1bee69a46ba811185c194762abaeae90

Even a small change in the message will (with overwhelming probability) result in a completely different hash, e.g. changing d to c:

MD4("The quick brown fox jumps over the lazy cog") 
 = b86e130ce7028da59e672d56ad0113df

The hash of the zero-length string is:

MD4("") = 31d6cfe0d16ae931b73c59d7e0c089c0

See also

References

  • Hans Dobbertin, 1998. Cryptanalysis of MD4. J. Cryptology 11(4): 253–271
  • Hans Dobbertin: Cryptanalysis of MD4. Fast Software Encryption 1996: 53–69

External links

Collisions

Cryptographic hash functions and message authentication codes
Common functions
SHA-3 finalists
Other functions
Password hashing/
key stretching functions
General purpose
key derivation functions
MAC functions
Authenticated
encryption
modes
Attacks
Design
Standardization
Utilization
Cryptography
General
Mathematics
Category: