Cryptanalysis of MD4

被引：75

作者：

Dobbertin, H ^{[1
]}

机构：

[1] German Informat Secur Agcy, D-53133 Bonn, Germany

来源：

JOURNAL OF CRYPTOLOGY | 1998年 / 11卷 / 04期

关键词：

dedicated hash functions; collisions; MD4; MD5; RIPEMD;

D O I：

10.1007/s001459900047

中图分类号：

TP301 [理论、方法];

学科分类号：

081202 [计算机软件与理论];

摘要：

In 1990 Rivest introduced the hash function MD4. Two years later RIPEMD, a European proposal, was designed as a stronger mode of MD4. In 1995 the author found an attack against two of three rounds of RIPEMD. As we show in the present note, the methods developed to attack RIPEMD can be modified and supplemented such that it is possible to break the full MD4, while previously only partial attacks were known. An implementation of our attack allows us to find collisions for MD4 in a few seconds on a PC. An example of a collision is given demonstrating that our attack is of practical relevance.

引用

页码：253 / 271

页数：19

共 12 条

[1]

[Anonymous], 1321 RFC INT ACT BOA

[2]

DENBOER B, 1992, LECT NOTES COMPUT SC, V576, P194

[3]

RIPEMD with two-round compress function is not collision-free [J].

Dobbertin, H .

JOURNAL OF CRYPTOLOGY, 1997, 10 (01) :51-69

[4]

Dobbertin H., 1996, CRYPTOBYTES, V2, P1

[5]

DOBBERTIN H, 1997, 1 2 ROUNDS MD4 NOT O

[6]

Dobbertin H., 1996, LNCS, V1039, P71

[7]

*FIPS, 1995, 1801 FIPS NIST US DE

[8]

*RIPE, 1995, LECT NOT COMP SCI, V1007

[9]

RIVEST RL, 1992, 1320 RFC INT ACT BOA

[10]

ROBSHAW MJB, 1996, B RSA LAB, V4

← 1 2 →