An Attack on the Last Two Rounds of MD4 (1991)
| Citations: | 30 - 4 self |
BibTeX
@MISC{Boer91anattack,
author = {Bert den Boer and Antoon Bosselaers},
title = {An Attack on the Last Two Rounds of MD4},
year = {1991}
}
Bookmark
 |
 |
 |
 |
 |
 |
OpenURL
Abstract
In [Rive90] the MD4 message digest algorithm was introduced taking an input message of arbitrary length and producing an output 128-bit message digest. It is conjectured that it is computationally infeasible to produce two messages having the same message digest, or to produce any message having a given prespecified target message. In this paper it is shown that if the three round MD4 algorithm is stripped of its first round, it is possible to find for a given (initial) input value two different messages hashing to the same output. A computer program implementing this attack takes about 1 millisecond on a 16 Mhz IBM PS/2 to find such a collision. 1 Introduction The MD4 Message Digest Algorithm, by Ronald L. Rivest and RSA Data Security, Inc., is intended for file hashing: it accepts arbitrarily large inputs and produces an output of 128 bits. It is conjectured that it is computationally infeasible to produce two messages having the same message digest, or to produce any message having ...
Citations
No citations identified.
