• Corpus ID: 59637165

Cryptanalysis of MD5 Compress

  title={Cryptanalysis of MD5 Compress},
  author={Hans Dobbertin},
In 1991 the hash function MD5 was introduced by Ron Rivest as a strengthened version of MD4. Beside some other modi cations, the number of rounds is extended from three to four. In this short note we report about an attack on the compress function of MD5, which is based on similar methods as previous attacks on RIPEMD, MD4 and the 256-bit extension of MD4 (see [4], [5]). Below we give a collision of the compress function of MD5. Recall that in 1993 Bert den Boer and Antoon Bosselaers [3] showed… 
MD5 Is Weaker Than Weak: Attacks on Concatenated Combiners
The first attack that allows collision attacks on combiners with a runtime below the birthday-bound of the smaller compression function is proposed, and potentially reduces the effort for a collision attack on a combiner like MD5||SHA-1 for the first time.
Collision Attack on the Full Extended MD4 and Pseudo-Preimage Attack on RIPEMD
  • G. Wang
  • Computer Science, Mathematics
    Journal of Computer Science and Technology
  • 2013
A collision attack on the full Extended MD4 and a pseudo-preimage attack onThe full RIPEMD respectively are proposed, which optimizes the complexity order for brute-force attack.
Constructing Secure Hash Functions by Enhancing Merkle-Damgård Construction
It is shown that the 3C construction is at least as secure as the MD construction against single-block and multi-block collision attacks and resists some known generic attacks that work on theMD construction.
Cryptanalysis of Full RIPEMD-128
A new cryptanalysis method for double-branch hash functions and it is shown that 16-year-old RIPEMD-128, one of the last unbroken primitives belonging to the MD-SHA family, might not be as secure as originally thought.
Full-Round Differential Attack on the Original Version of the Hash Function Proposed at PKC'98
It is shown that one can find a collision pair from the original version of the hash function with probability 2-37 through the improved method and point out a weakness of the function comes from shift values dependent on message.
On the (In)Security of IDEA in Various Hashing Modes
This work shows a practical example of the gap that exists between secret-key and known or chosen-key security for block ciphers, and settles the 20-year-old standing open question concerning the security of the Abreast-DM and Tandem-DM double-length compression functions.
Collision Attack for the Hash Function Extended MD4
This work gives a collision attack on the full Extended MD4 with a complexity of about 237, and provides a new reference to the collision analysis of other hash functions such as RIPEMD-160 etc. which consist of two lines.
Cryptanalysis of Hash Functions
The aim of this thesis is to evaluate the applicability of the recently developed biclique to the preimage attack performed by Sasaki and Aoki, which led to a slightly improved time complexity and a greatly improved memory complexity.
MD5 To Be Considered Harmful Someday
  • D. Kaminsky
  • Computer Science
    IACR Cryptol. ePrint Arch.
  • 2004
Cryptanalysis of SHA-0 and Reduced SHA-1
This work uses new techniques for the cryptanalysis of hash functions to find a collision of the full SHA-0 which is the first published collision of this function, and very efficient collision attacks on reduced versions of SHA-1.


Cryptanalysis of MD4
  • H. Dobbertin
  • Computer Science, Mathematics
    Journal of Cryptology
  • 1998
The methods developed to attack RIPEMD can be modified and supplemented such that it is possible to break the full MD4, while previously only partial attacks were known.
Collisions for the compression function of MD5
An algorithm is described that establishes a work load of about 2 collisions for the first two rounds of the MD5 compression function to a collision for the entire four round function.
RIPEMD-160: A Strengthened Version of RIPEMD
A new version of RIPEMD with a 160-bit result is proposed, as well as a plug-in substitute for RIPEMd with a 128- bit result, and the software performance of several MD4-based algorithms is compared.
Ripe Integrity Primitives
  • Final report of RACE Integrity Primitives Evaluation
  • 1995
Cryptanalysis of MD4, Fast Software Encryption
  • LNCS
  • 1996
Ripe Integrity Primitives { Final report of RACE Integrity Primitives Evaluation (R1040)
  • RIPE Consortium
  • 1995
Secure hash standard, NIST, US Department of Commerce
  • FIPS
  • 1995
On pseudo-collisions in MD5
  • On pseudo-collisions in MD5
  • 1994
On pseudo-collisions in MD5, T echnical Report TR-102, version 1.1, RSA Laboratories
  • On pseudo-collisions in MD5, T echnical Report TR-102, version 1.1, RSA Laboratories
  • 1994
The MD5 message digest algorithm, R F C 1321
  • The MD5 message digest algorithm, R F C 1321
  • 1992