MD4 - Misplaced Pages

This is an old revision of this page, as edited by Travis Evans (talk | contribs) at 22:11, 23 June 2007 (MD2 link was pointing to a disambiguation page). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Revision as of 22:11, 23 June 2007 by Travis Evans (talk | contribs) (MD2 link was pointing to a disambiguation page)(diff) ← Previous revision | Latest revision (diff) | Newer revision → (diff)

MD4
General
Designers	Ronald Rivest
First published	October 1990
Series	MD, MD2, MD3, MD4, MD5
Detail
Digest sizes	128 bits
Rounds	3

MD4 is a message digest algorithm (the fourth in a series) designed by Professor Ronald Rivest of MIT in 1990. It implements a cryptographic hash function for use in message integrity checks. The digest length is 128 bits. The algorithm has influenced later designs, such as the MD5, SHA and RIPEMD algorithms.

Weaknesses in MD4 were demonstrated by Den Boer and Bosselaers in a paper published in 1991. In August 2004, researchers reported generating collisions in MD4 using "hand calculation" (collision attack, not preimage attack), alongside attacks on later hash function designs in the MD4/MD5/SHA/RIPEMD family. The average runtime for a collision attack is 5 seconds on a modern computer (ref: http://stachliu.com/research_collisions.html ).

A variant of MD4 is used in the ed2k URI scheme to provide a unique indentifier for a file in the popular eDonkey2000 / eMule P2P networks.

MD4 hashes

The 128-bit (16-byte) MD4 hashes (also termed message digests) are typically represented as 32-digit hexadecimal numbers. The following demonstrates a 43-byte ASCII input and the corresponding MD4 hash:

MD4("The quick brown fox jumps over the lazy dog") 
 = 1bee69a46ba811185c194762abaeae90

Even a small change in the message will (with overwhelming probability) result in a completely different hash, e.g. changing d to c:

MD4("The quick brown fox jumps over the lazy cog") 
 = b86e130ce7028da59e672d56ad0113df

The hash of the zero-length string is:

MD4("") = 31d6cfe0d16ae931b73c59d7e0c089c0

References

Hans Dobbertin, 1998. Cryptanalysis of MD4. J. Cryptology 11(4): 253–271
Hans Dobbertin: Cryptanalysis of MD4. Fast Software Encryption 1996: 53–69

External links

Using Lepton's crack to break a MD4 hash password
RFC 1320 - Description of MD4 by Ron Rivest
An Attack on the Last Two Rounds of MD4
A collision attack on MD4 (Presented at Eurocrypt 2005. Requires about $2^{14}$ MD4 computations. Demonstrates "Theoretical Pre-image Attack on MD4" and "Second Pre-Image Attack for Weak Messages".)
On the Security of Encryption Modes of MD4, MD5 and HAVAL ("MD4 can be broken by related-key boomerang attacks in real time. The attacks have been experimentally tested and run in milliseconds on a PC.")
Improved Collision Attack on MD4 ("We were able to find collisions with probability almost 1, and the average complexity to find a collision is upper bounded by three times of MD4 hash operations.")
Paj's Home: Cryptography — by Paj in JavaScript. Also supports MD5, and SHA-1. Released under the BSD License. Contains links to several other implementations.
MD4 PHP Implementation — based on Paj's JavaScript implementation.

Collisions

Fast MD4 Collision Generator

v t e Cryptographic hash functions and message authentication codes
List Comparison Known attacks
Common functions	MD5 (compromised) SHA-1 (compromised) SHA-2 SHA-3 BLAKE2
SHA-3 finalists	BLAKE Grøstl JH Skein Keccak (winner)
Other functions	BLAKE3 CubeHash ECOH FSB Fugue GOST HAS-160 HAVAL Kupyna LSH Lane MASH-1 MASH-2 MD2 MD4 MD6 MDC-2 N-hash RIPEMD RadioGatún SIMD SM3 SWIFFT Shabal Snefru Streebog Tiger VSH Whirlpool
Password hashing/ key stretching functions	Argon2 Balloon bcrypt Catena crypt LM hash Lyra2 Makwa PBKDF2 scrypt yescrypt
General purpose key derivation functions	HKDF KDF1/KDF2
MAC functions	CBC-MAC DAA GMAC HMAC NMAC OMAC/CMAC PMAC Poly1305 SipHash UMAC VMAC
Authenticated encryption modes	CCM ChaCha20-Poly1305 CWC EAX GCM IAPM OCB
Attacks	Collision attack Preimage attack Birthday attack Brute-force attack Rainbow table Side-channel attack Length extension attack
Design	Avalanche effect Hash collision Merkle–Damgård construction Sponge function HAIFA construction
Standardization	CAESAR Competition CRYPTREC NESSIE NIST hash function competition Password Hashing Competition NSA Suite B CNSA
Utilization	Hash-based cryptography Merkle tree Message authentication Proof of work Salt Pepper

v t e Cryptography
General	History of cryptography Outline of cryptography Classical cipher Cryptographic protocol Authentication protocol Cryptographic primitive Cryptanalysis Cryptocurrency Cryptosystem Cryptographic nonce Cryptovirology Hash function Cryptographic hash function Key derivation function Secure Hash Algorithms Digital signature Kleptography Key (cryptography) Key exchange Key generator Key schedule Key stretching Keygen Machines Cryptojacking malware Ransomware Random number generation Cryptographically secure pseudorandom number generator (CSPRNG) Pseudorandom noise (PRN) Secure channel Insecure channel Subliminal channel Encryption Decryption End-to-end encryption Harvest now, decrypt later Information-theoretic security Plaintext Codetext Ciphertext Shared secret Trapdoor function Trusted timestamping Key-based routing Onion routing Garlic routing Kademlia Mix network
Mathematics	Cryptographic hash function Block cipher Stream cipher Symmetric-key algorithm Authenticated encryption Public-key cryptography Quantum key distribution Quantum cryptography Post-quantum cryptography Message authentication code Random numbers Steganography
Category

Category:

Cryptographic hash functions

MD4 hashes

See also

References

External links

Collisions