Cryptanalysis of MD5 Compress (1996) [8 citations — 0 self]
http://www.securitytechnet.com/crypto/algorithm/..
http://www.cs.ru.ac.za/courses/Honours/mmcourse/se
http://www.epm.ornl.gov/~dunigan/md5crack.ps
CACHED:
|
Popular Tags
No tags have been applied to this document.
BibTeX | Add To MetaCart
author = {Hans Dobbertin},
title = {Cryptanalysis of MD5 Compress},
booktitle = {In Rump Session of EuroCrypt ’96},
year = {1996},
pages = {68442},
publisher = {Annoucement}
}
Bookmarks
OpenURL
Abstract:
In this short note we report about an attack on the compress function of MD5, which is based on similar methods as previous attacks on RIPEMD, MD4 and the 256-bit extension of MD4. Below we give a collision of the compress function of MD5. Use the initial value IV = 0x12AC2375 0x3B341042 0x5F62B97C 0x4BA763ED; and define the first input X by setting: X0 = 0xAA1DDA5E X1 = 0xD97ABFF5 X2 = 0x55F0E1C1 X3 = 0x32774244 X4 = 0x1006363E X5 = 0x7218209D X6 = 0xE01C135D X7 = 0x9DA64D0E X8 = 0x98A1FB19 X9 = 0x1FAE44B0 X10 = 0x236BB992 X11 = 0x6B7A669B X12 = 0x1326ED65 X13 = 0xD93E0972 X14 = 0xD458C868 X15 = 0x6B72746A. The second input Y is defined by setting Y = X except Y14 = X14 + 0x200. Then we have a collision, i.e. MD5-compress(IV, X) = MD5-compress(IV, Y); and this common compress value is 0xBF90E670 0x752AF92B 0x9CE4E3E1 0xB12CF8DE.
Citations
| 287 | The MD5 Message Digest Algorithm – Rivest - 1992 |
| 47 | Secure hash standard – FIPS - 1995 |
| 42 | Collisions for the compression function of MD5 – Boer, Bosselaers - 1994 |
| 21 | RIPEMD-160: A Strengthened Version – Dobbertin, Bosselaers, et al. - 1996 |
| 19 | RIPEMD with two-round compress function is not collision-free – Dobbertin - 1997 |
| 11 | Cryptanalysis of MD4,” Fast Software Encryption – DOBBERTIN - 1996 |
| 1 | Ripe Integrity Primitives -- Final report – Consortium - 1995 |
| 1 | On pseudo-collisions in MD5, Technical Report TR-102, version 1.1, RSA Laboratories – Robshaw - 1994 |
| 1 | On pseudo-collisions in MD5 – Robshaw - 1994 |
