Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
FSE
2008
Springer
2008
Springer
MD4 is Not One-Way
MD4 is a hash function introduced by Rivest in 1990. It is still used in some contexts, and the most commonly used hash function (MD5, SHA-1, SHA-2) are based on the design principles of MD4. MD4 has been extensively studied and very efficient collision attacks are known, but it is still believed to be a one-way function. In this paper we show a partial pseudo-preimage attack on the compression function of MD4, using some ideas from previous cryptanalysis of MD4. We can choose 64 bits of the output for the cost of 232 compression function computations (the remaining bits are randomly chosen by the preimage algorithm). This gives a preimage attack on the compression function of MD4 with complexity 296 , and we extend it to an attack on the full MD4 with complexity 2102 . As far as we know this is the first preimage attack on a member of the MD4 family. Key words: MD4, hash function, cryptanalysis, preimage, one-way.
Real-time Traffic| Added | 26 Oct 2010 |
| Updated | 26 Oct 2010 |
| Type | Conference |
| Year | 2008 |
| Where | FSE |
| Authors | Gaëtan Leurent |
Comments (0)
Researcher Info
|
