Admin: Created page with "The '''MD4 Message-Digest Algorithm''' is a cryptographic hash function developed by Ronald Rivest in 1990. The digest length is 128 bits. The algorithm has influenced..."

2019-03-22T03:47:14Z

Created page with "The '''MD4 Message-Digest Algorithm''' is a cryptographic hash function developed by Ronald Rivest in 1990. The digest length is 128 bits. The algorithm has influenced..."

New page

The '''MD4 Message-Digest Algorithm''' is a [[cryptographic hash function]] developed by [[Ronald Rivest]] in 1990. The digest length is 128 bits. The algorithm has influenced later designs, such as the [[MD5]], [[SHA-1]] and [[RIPEMD]] algorithms. The acronym "MD" stands for "Message Digest."

The security of MD4 has been severely compromised. The first full [[collision attack]] against MD4 was published in 1995 and several newer attacks have been published since then. As of 2007, an attack can generate collisions in less than 2 MD4 hash operations.

==Security==
Weaknesses in MD4 were demonstrated by Den Boer and Bosselaers in a paper published in 1991. The first full-round MD4 [[collision attack]] was found by [[Hans Dobbertin]] in 1995, which took only seconds to carry out at that time. In August 2004, [[Wang Xiaoyun|Wang]] et al. found a very efficient collision attack, alongside attacks on later hash function designs in the MD4/MD5/SHA-1/RIPEMD family. This result was improved later by Sasaki et al., and generating a collision is now as cheap as verifying it (a few microseconds). In 2011, RFC 6150 stated that RFC 1320 (MD4) is '''historic''' (obsolete).

==MD4 hashes==
The 128-bit (16-byte) MD4 hashes (also termed ''message digests'') are typically represented as 32-digit [[hexadecimal]] numbers. The following demonstrates a 43-byte [[ASCII]] input and the corresponding MD4 hash:

MD4("The quick brown fox jumps over the lazy og")
= 1bee69a46ba811185c194762abaeae90

Even a small change in the message will (with overwhelming probability) result in a completely different hash, e.g. changing <tt>d</tt> to <tt>c</tt>:

MD4("The quick brown fox jumps over the lazy og")
= b86e130ce7028da59e672d56ad0113df

The hash of the zero-length string is:

MD4("") = 31d6cfe0d16ae931b73c59d7e0c089c0

==MD4 test vectors==
The following test vectors are defined in RFC 1320 (The MD4 Message-Digest Algorithm)

MD4 ("") = 31d6cfe0d16ae931b73c59d7e0c089c0
MD4 ("a") = bde52cb31de33e46245e05fbdbd6fb24
MD4 ("abc") = a448017aaf21d8525fc10ae87aa6729d
MD4 ("message digest") = d9130a8164549fe818874806e1c7014b
MD4 ("abcdefghijklmnopqrstuvwxyz") = d79e1c308aa5bbcdeea8ed63df412da9
MD4 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") = 043f8582f241db351ce627e153e7f0e4
MD4 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") = e33b4ddc9c38f2199c3e7b164fcc0536

==MD4 collision example==
Let:
k1 = 839c7a4d7a92cb678a5d59eea5a7573c8a74deb366c3dc20a083b69f5d2a3bb3719dc69891e9f95e809fd7e8b23ba6318ed45e51fe39708bf9427e9c3e8b9
k2 = 839c7a4d7a92cb678a5d59eea5a7573c8a74deb366c3dc20a083b69f5d2a3bb3719dc69891e9f95e809fd7e8b23ba6318ed45e51fe39708bf9427e9c3e8b9

k1 ≠ k2, but MD4(k1) = MD4(k2) = 4d7e6a1defa93d2dde05b45d864c429b

Note that two hex-digits of k1 and k2 define one byte of the input string, whose length is 64 bytes .

==See also==
* [[Hash function security summary]]
* [[Comparison of cryptographic hash functions]]
* [[MD2 (cryptography)|MD2]]
* [[MD5]]
* [[MD6]]

==Source==

[http://wikipedia.org/ http://wikipedia.org/]

[[Category:Cryptography]]

MD4 - Revision history

Admin: Created page with "The '''MD4 Message-Digest Algorithm''' is a cryptographic hash function developed by Ronald Rivest in 1990. The digest length is 128 bits. The algorithm has influenced..."