MD4
Encyclopedia
The MD4 Message-Digest Algorithm is a cryptographic hash function
developed by Ronald Rivest in 1990. The digest length is 128 bits. The algorithm has influenced later designs, such as the MD5
, SHA-1 and RIPEMD
algorithms.
The security of MD4 has been severely compromised. The first full collision attack
against MD4 was published in 1995 and several newer attacks have been published since then. As of 2007, an attack can generate collisions in less than 2 MD4 hash operations. A theoretical preimage attack
also exists.
A variant of MD4 is used in the ed2k URI scheme to provide a unique identifier for a file in the popular eDonkey2000 / eMule P2P networks. MD4 is also used by the rsync
protocol.
MD4 is used to compute NTLM
password-derived key digests on Microsoft Windows NT, XP, Vista and 7.
was found by Hans Dobbertin
in 1995, which took only seconds to carry out at that time. In August 2004, Wang et al. found a very efficient collision attack, alongside attacks on later hash function designs in the MD4/MD5/SHA-1/RIPEMD family. This result was improved later by Sasaki et al., and generating a collision is now as cheap as verifying it (a few microseconds).
In 2008, the preimage resistance of MD4 was also broken by Gaëtan Leurent, with a 2102 attack. In 2011 RFC 6150 stated that RFC 1320 (MD4) is historic (obsolete).
numbers. The following demonstrates a 43-byte ASCII
input and the corresponding MD4 hash:
MD4("The quick brown fox jumps over the lazy dog")
= 1bee69a46ba811185c194762abaeae90
Even a small change in the message will (with overwhelming probability) result in a completely different hash, e.g. changing d to c:
MD4("The quick brown fox jumps over the lazy cog")
= b86e130ce7028da59e672d56ad0113df
The hash of the zero-length string is:
MD4("") = 31d6cfe0d16ae931b73c59d7e0c089c0
MD4 ("") = 31d6cfe0d16ae931b73c59d7e0c089c0
MD4 ("a") = bde52cb31de33e46245e05fbdbd6fb24
MD4 ("abc") = a448017aaf21d8525fc10ae87aa6729d
MD4 ("message digest") = d9130a8164549fe818874806e1c7014b
MD4 ("abcdefghijklmnopqrstuvwxyz") = d79e1c308aa5bbcdeea8ed63df412da9
MD4 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") = 043f8582f241db351ce627e153e7f0e4
MD4 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") = e33b4ddc9c38f2199c3e7b164fcc0536
Cryptographic hash function
A cryptographic hash function is a deterministic procedure that takes an arbitrary block of data and returns a fixed-size bit string, the hash value, such that an accidental or intentional change to the data will change the hash value...
developed by Ronald Rivest in 1990. The digest length is 128 bits. The algorithm has influenced later designs, such as the MD5
MD5
The MD5 Message-Digest Algorithm is a widely used cryptographic hash function that produces a 128-bit hash value. Specified in RFC 1321, MD5 has been employed in a wide variety of security applications, and is also commonly used to check data integrity...
, SHA-1 and RIPEMD
RIPEMD
RIPEMD-160 is a 160-bit message digest algorithm developed in Leuven, Belgium, by Hans Dobbertin, Antoon Bosselaers and Bart Preneel at the COSIC research group at the Katholieke Universiteit Leuven, and first published in 1996...
algorithms.
Collision attack
In cryptography, a collision attack on a cryptographic hash tries to find two arbitrary inputs that will produce the same hash value, i.e. a hash collision...
against MD4 was published in 1995 and several newer attacks have been published since then. As of 2007, an attack can generate collisions in less than 2 MD4 hash operations. A theoretical preimage attack
Preimage attack
In cryptography, the preimage attack is a classification of attacks on hash functions for finding a message that has a specific hash value.There are two types of preimage attacks:...
also exists.
A variant of MD4 is used in the ed2k URI scheme to provide a unique identifier for a file in the popular eDonkey2000 / eMule P2P networks. MD4 is also used by the rsync
Rsync
rsync is a software application and network protocol for Unix-like and Windows systems which synchronizes files and directories from one location to another while minimizing data transfer using delta encoding when appropriate. An important feature of rsync not found in most similar...
protocol.
MD4 is used to compute NTLM
NTLM
In a Windows network, NTLM is a suite of Microsoft security protocols that provides authentication, integrity, and confidentiality to users....
password-derived key digests on Microsoft Windows NT, XP, Vista and 7.
Security
Weaknesses in MD4 were demonstrated by Den Boer and Bosselaers in a paper published in 1991. The first full-round MD4 collision attackCollision attack
In cryptography, a collision attack on a cryptographic hash tries to find two arbitrary inputs that will produce the same hash value, i.e. a hash collision...
was found by Hans Dobbertin
Hans Dobbertin
Hans Dobbertin, was a German cryptographer who is best known for his work on cryptanalysis of the MD4, MD5, and original RIPEMD hash functions, and for his part in the design of the new version of the RIPEMD hash function...
in 1995, which took only seconds to carry out at that time. In August 2004, Wang et al. found a very efficient collision attack, alongside attacks on later hash function designs in the MD4/MD5/SHA-1/RIPEMD family. This result was improved later by Sasaki et al., and generating a collision is now as cheap as verifying it (a few microseconds).
In 2008, the preimage resistance of MD4 was also broken by Gaëtan Leurent, with a 2102 attack. In 2011 RFC 6150 stated that RFC 1320 (MD4) is historic (obsolete).
MD4 hashes
The 128-bit (16-byte) MD4 hashes (also termed message digests) are typically represented as 32-digit hexadecimalHexadecimal
In mathematics and computer science, hexadecimal is a positional numeral system with a radix, or base, of 16. It uses sixteen distinct symbols, most often the symbols 0–9 to represent values zero to nine, and A, B, C, D, E, F to represent values ten to fifteen...
numbers. The following demonstrates a 43-byte ASCII
ASCII
The American Standard Code for Information Interchange is a character-encoding scheme based on the ordering of the English alphabet. ASCII codes represent text in computers, communications equipment, and other devices that use text...
input and the corresponding MD4 hash:
MD4("The quick brown fox jumps over the lazy dog")
= 1bee69a46ba811185c194762abaeae90
Even a small change in the message will (with overwhelming probability) result in a completely different hash, e.g. changing d to c:
MD4("The quick brown fox jumps over the lazy cog")
= b86e130ce7028da59e672d56ad0113df
The hash of the zero-length string is:
MD4("") = 31d6cfe0d16ae931b73c59d7e0c089c0
MD4 Test Vectors
The following test vectors are defined in RFC 1320 (The MD4 Message-Digest Algorithm)MD4 ("") = 31d6cfe0d16ae931b73c59d7e0c089c0
MD4 ("a") = bde52cb31de33e46245e05fbdbd6fb24
MD4 ("abc") = a448017aaf21d8525fc10ae87aa6729d
MD4 ("message digest") = d9130a8164549fe818874806e1c7014b
MD4 ("abcdefghijklmnopqrstuvwxyz") = d79e1c308aa5bbcdeea8ed63df412da9
MD4 ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789") = 043f8582f241db351ce627e153e7f0e4
MD4 ("12345678901234567890123456789012345678901234567890123456789012345678901234567890") = e33b4ddc9c38f2199c3e7b164fcc0536
See also
- Comparison of cryptographic hash functionsComparison of cryptographic hash functionsThe following tables compare general and technical information for a number of cryptographic hash functions.- General information :Basic general information about the cryptographic hash functions: year, designer, references, etc.- Compression function :...
- MD2
- MD5MD5The MD5 Message-Digest Algorithm is a widely used cryptographic hash function that produces a 128-bit hash value. Specified in RFC 1321, MD5 has been employed in a wide variety of security applications, and is also commonly used to check data integrity...
- MD6MD6The MD6 Message-Digest Algorithm is a cryptographic hash function. It uses a Merkle tree-like structure to allow for immense parallel computation of hashes for very long inputs...
External links
- RFC 1320 - Description of MD4 by Ron Rivest
- RFC 6150 - MD4 to Historic Status
- MD4 implementation in PHP and online