# A Study of the MD5 Attacks: Insights and Improvements

@inproceedings{Black2006ASO, title={A Study of the MD5 Attacks: Insights and Improvements}, author={John Black and Martin Cochran and Trevor Highland}, booktitle={FSE}, year={2006} }

MD5 is a well-known and widely-used cryptographic hash function. It has received renewed attention from researchers subsequent to the recent announcement of collisions found by Wang et al. [16]. To date, however, the method used by researchers in this work has been fairly difficult to grasp.
In this paper we conduct a study of all attacks on MD5 starting from Wang. We explain the techniques used by her team, give insights on how to improve these techniques, and use these insights to produce…

## 85 Citations

A Study of the MD5 Collisions

- Computer Science
- 2010

Theoretical comparisons of two parallel and distributed exhaustive search methods are presented and Klima’s tunneling method is examined, which is the fastest and the most understood method of finding collisions in MD5.

New Message Differences for Collision Attacks on MD4 and MD5

- Computer Science
- IEICE Trans. Fundam. Electron. Commun. Comput. Sci.
- 2008

This paper proposes new message differences for collision attacks on MD4 and MD5 that can generate a collision with complexity of less than two MD4 computations, which is faster than the original Wang et al. attack and, moreover, than all previous attacks.

Cube attacks on cryptographic hash functions

- Computer Science, Mathematics
- 2009

This thesis provides cryptanalysis of some of the SHA-3 candidates using a new cryptanalytical technique introduced a few months ago called cube attacks and shows that cube attacks can not only be applied to keyed cryptosystems but also to hash functions by way of a partial preimage attack.

Further Musings on the Wang et al. MD5 Collision: Improvements and Corrections on the Work of Hawkes, Paddon, and Rose

- Computer Science
- IACR Cryptol. ePrint Arch.
- 2007

This paper will demonstrate that the complexity of the attack is only about half as great as they believed, and it will show that their Case Two does not succeed in fulfilling the conditions required for the collision differential to hold.

A CellBE-based HPC Application for the Analysis of Vulnerabilities in Cryptographic Hash Functions

- Computer Science, Mathematics
- 2010 IEEE 12th International Conference on High Performance Computing and Communications (HPCC)
- 2010

This work presents a study of vulnerabilities in the SHA family, namely the SHA-0 and SHA-1 hash functions, based on a high-performance computing application run on the MariCel cluster available at the Barcelona Supercomputing Center.

Automatic Search of Differential Path in MD4

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2007

This paper obtains new differential paths for MD4, which improve upon previously known MD4 differential paths, and could be used to find new differential paths, and to build new attacks against MD4.

Weaknesses in the HAS-V Compression Function

- Computer Science, Mathematics
- ICISC
- 2007

This article points out several structural weaknesses in HAS-V which lead to pseudo-collision attacks on HAS-Vs with tailored output and shows that (second) preimages can be found for HAS-V with a complexity of about 2^162 hash computations.

Practical key-recovery attack against APOP, an MD5-based challenge-response authentication

- Computer Science, Mathematics
- Int. J. Appl. Cryptogr.
- 2008

This paper shows how to choose small parts of the colliding messages, which will allow to build the APOP attack, and shows that collision attacks can be used to attack real protocols, which means that finding collisions is a real threat.

Differential Fault Analysis on the MD5 Compression Function

- Computer Science
- J. Comput.
- 2013

This paper proposes a new differential fault analysis on the MD5 compression function in the word-oriented random fault model and provides a new reference for the security analysis of the same structure of the hash compression functions.

Analysis and design of symmetric cryptographic algorithms

- Computer Science, Mathematics
- 2009

The first nontrivial preimage attacks on the (reduced) hash function MD5, and on the full HAVAL, and a general framework for distinguishers on symmetric cryptographic algorithms, based on the cube attacks of Dinur and Shamir are presented.

## References

SHOWING 1-10 OF 23 REFERENCES

How to Break MD5 and Other Hash Functions

- Computer Science, Mathematics
- EUROCRYPT
- 2005

A new powerful attack on MD5 is presented, which unlike most differential attacks, does not use the exclusive-or as a measure of difference, but instead uses modular integer subtraction as the measure.

Tunnels in Hash Functions: MD5 Collisions Within a Minute

- Computer Science
- IACR Cryptol. ePrint Arch.
- 2006

Several tunnels in hash function MD5 are described, which decrease the average time of MD5 collision to 31 seconds, which can be used for finding collisions of other hash functions, such as SHA-1, 2.

Collisions for the compression function of MD5

- Computer Science
- 1993

In this paper an algorithm is described that finds collisions and establishes a work load of finding about 2^16 collisions for the first two rounds of the MD5 compression function to find a collision for the entire four round function.

Finding MD5 Collisions on a Notebook PC Using Multi-message Modifications

- Computer Science
- IACR Cryptol. ePrint Arch.
- 2005

This paper independently developed methods for finding collisions of the MD5 hash function which work for any initialization value and which are quicker than the methods presented in [1, 8].

Collisions for the Compression Function of MD5

- Computer Science
- EUROCRYPT
- 1993

In this paper an algorithm is described that finds collisions for the compression function of MD5 and results in an approximate relation between any four consecutive additive constants.

Advances in Cryptology

- Computer Science, Mathematics
- Lecture Notes in Computer Science
- 2000

The undecidable word problem for groups and semigroups is investigated as a basis for a public-key cryptosystem, and the type of cryptosystem shown is randomized, with infinitely many ciphertexts corresponding to each plaintext.

Musings on the Wang et al. MD5 Collision

- Computer Science
- IACR Cryptol. ePrint Arch.
- 2004

Examination of the internal differences and conditions required for the attack to be successful suggests that an attacker cannot cause such collisions for HMAC-MD5 with complexity less than generic attacks.

A Design Principle for Hash Functions

- Mathematics, Computer Science
- CRYPTO
- 1989

Apart from suggesting a generally sound design principle for hash functions, the results give a unified view of several apparently unrelated constructions of hash functions proposed earlier, and suggests changes to other proposed constructions to make a proof of security potentially easier.

One-way hash functions

- Computer Science, Mathematics
- 1991

Sometimes what we also need is collision resistance: it is hard to find two random messages M and M1 such that H(M)=H(M1). This is called birthday attack and is based on a birthday paradox. How many…

Cryptographic Hash-Function Basics: Definitions, Implications, and Separations for Preimage Resistance, Second-Preimage Resistance, and Collision Resistance

- Computer Science, Mathematics
- FSE
- 2004

Here is a modern treatment that acts to catalog, in one place and with carefully-considered nomenclature, the most basic security notions for cryptographic hash functions: collision resistance, preimage resistance, and second-preimage resistance.