Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
MD4
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
==Security== Weaknesses in MD4 were demonstrated by Den Boer and Bosselaers in a paper published in 1991.<ref>{{cite journal |author=Bert den Boer, Antoon Bosselaers |year=1991 |title=An Attack on the Last Two Rounds of MD4 |url=http://dsns.csie.nctu.edu.tw/research/crypto/HTML/PDF/C91/194.PDF |url-status=dead |archive-url=https://web.archive.org/web/20030523231212/http://dsns.csie.nctu.edu.tw/research/crypto/HTML/PDF/C91/194.PDF |archive-date=2003-05-23 }}</ref> The first full-round MD4 [[collision attack]] was found by [[Hans Dobbertin]] in 1995, which took only seconds to carry out at that time.<ref>{{cite journal |author=Hans Dobbertin |date=1995-10-23 |title=Cryptanalysis of MD4 |journal=Journal of Cryptology |volume=11 |issue=4 |pages=253–271 |doi=10.1007/s001459900047 |s2cid=7462235 |doi-access=free }}</ref> In August 2004, [[Wang Xiaoyun|Wang]] et al. found a very efficient collision attack, alongside attacks on later hash function designs in the MD4/MD5/SHA-1/RIPEMD family. This result was improved later by Sasaki et al., and generating a collision is now as cheap as verifying it (a few microseconds).<ref name=sasaki-2007 /> In 2008, the [[preimage resistance]] of MD4 was also broken by Gaëtan Leurent, with a 2<sup>102</sup> attack.<ref>{{cite journal |author=Gaëtan Leurent |title=MD4 is Not One-Way |date=2008-02-10 |journal=Fast Software Encryption, 15th International Workshop, FSE 2008 |volume=5086 |pages=412-428 |series=Lecture Notes in Computer Science |publisher=Springer |doi=10.1007/978-3-540-71039-4_26 |url=https://iacr.org/archive/fse2008/50860419/50860419.pdf |archive-url=https://web.archive.org/web/20110611225208/https://www.di.ens.fr/~leurent/files/MD4_FSE08.pdf |archive-date=2011-06-11 }}</ref> In 2010 Guo et al published a 2<sup>99.7</sup> attack.<ref>{{Cite book|chapter-url=https://www.academia.edu/20987202|pages=56–75|last1=Guo|first1=Jian|last2=Ling|first2=San|last3=Rechberger|first3=Christian|last4=Wang|first4=Huaxiong|title=Advances in Cryptology - ASIACRYPT 2010 |chapter=Advanced Meet-in-the-Middle Preimage Attacks: First Results on Full Tiger, and Improved Results on MD4 and SHA-2 |series=Lecture Notes in Computer Science |year=2010 |volume=6477 |doi=10.1007/978-3-642-17373-8_4 |isbn=978-3-642-17372-1 |doi-access=free|hdl=10356/94168|hdl-access=free}}</ref> In 2011, RFC 6150 stated that RFC 1320 (MD4) is '''historic''' (obsolete).
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)