# Cryptanalysis of MD5 Compress

@inproceedings{Dobbertin1996CryptanalysisOM, title={Cryptanalysis of MD5 Compress}, author={Hans Dobbertin}, year={1996} }

In 1991 the hash function MD5 was introduced by Ron Rivest as a strengthened version of MD4. Beside some other modi cations, the number of rounds is extended from three to four. In this short note we report about an attack on the compress function of MD5, which is based on similar methods as previous attacks on RIPEMD, MD4 and the 256-bit extension of MD4 (see [4], [5]). Below we give a collision of the compress function of MD5. Recall that in 1993 Bert den Boer and Antoon Bosselaers [3] showed…

No Paper Link Available

## 81 Citations

MD5 Is Weaker Than Weak: Attacks on Concatenated Combiners

- Mathematics, Computer ScienceASIACRYPT
- 2009

The first attack that allows collision attacks on combiners with a runtime below the birthday-bound of the smaller compression function is proposed, and potentially reduces the effort for a collision attack on a combiner like MD5||SHA-1 for the first time.

Collision Attack on the Full Extended MD4 and Pseudo-Preimage Attack on RIPEMD

- Computer Science, MathematicsJournal of Computer Science and Technology
- 2013

A collision attack on the full Extended MD4 and a pseudo-preimage attack onThe full RIPEMD respectively are proposed, which optimizes the complexity order for brute-force attack.

Constructing Secure Hash Functions by Enhancing Merkle-Damgård Construction

- Computer Science, MathematicsACISP
- 2006

It is shown that the 3C construction is at least as secure as the MD construction against single-block and multi-block collision attacks and resists some known generic attacks that work on theMD construction.

Cryptanalysis of Full RIPEMD-128

- Computer Science, MathematicsJournal of Cryptology
- 2015

A new cryptanalysis method for double-branch hash functions and it is shown that 16-year-old RIPEMD-128, one of the last unbroken primitives belonging to the MD-SHA family, might not be as secure as originally thought.

Full-Round Differential Attack on the Original Version of the Hash Function Proposed at PKC'98

- Computer Science, MathematicsSelected Areas in Cryptography
- 2002

It is shown that one can find a collision pair from the original version of the hash function with probability 2-37 through the improved method and point out a weakness of the function comes from shift values dependent on message.

On the (In)Security of IDEA in Various Hashing Modes

- Computer Science, MathematicsFSE
- 2012

This work shows a practical example of the gap that exists between secret-key and known or chosen-key security for block ciphers, and settles the 20-year-old standing open question concerning the security of the Abreast-DM and Tandem-DM double-length compression functions.

Collision Attack for the Hash Function Extended MD4

- Computer Science, MathematicsICICS
- 2011

This work gives a collision attack on the full Extended MD4 with a complexity of about 237, and provides a new reference to the collision analysis of other hash functions such as RIPEMD-160 etc. which consist of two lines.

Cryptanalysis of Hash Functions

- Computer Science
- 2012

The aim of this thesis is to evaluate the applicability of the recently developed biclique to the preimage attack performed by Sasaki and Aoki, which led to a slightly improved time complexity and a greatly improved memory complexity.

Cryptanalysis of SHA-0 and Reduced SHA-1

- Computer Science, MathematicsJournal of Cryptology
- 2014

This work uses new techniques for the cryptanalysis of hash functions to find a collision of the full SHA-0 which is the first published collision of this function, and very efficient collision attacks on reduced versions of SHA-1.

## References

SHOWING 1-10 OF 11 REFERENCES

Cryptanalysis of MD4

- Computer Science, MathematicsJournal of Cryptology
- 1998

The methods developed to attack RIPEMD can be modified and supplemented such that it is possible to break the full MD4, while previously only partial attacks were known.

Collisions for the compression function of MD5

- Computer Science
- 1993

An algorithm is described that establishes a work load of about 2 collisions for the first two rounds of the MD5 compression function to a collision for the entire four round function.

RIPEMD-160: A Strengthened Version of RIPEMD

- Computer ScienceFSE
- 1996

A new version of RIPEMD with a 160-bit result is proposed, as well as a plug-in substitute for RIPEMd with a 128- bit result, and the software performance of several MD4-based algorithms is compared.

Ripe Integrity Primitives

- Final report of RACE Integrity Primitives Evaluation
- 1995

Cryptanalysis of MD4, Fast Software Encryption

- LNCS
- 1996

Ripe Integrity Primitives { Final report of RACE Integrity Primitives Evaluation (R1040)

- RIPE Consortium
- 1995

Secure hash standard, NIST, US Department of Commerce

- FIPS
- 1995

On pseudo-collisions in MD5

- On pseudo-collisions in MD5
- 1994

On pseudo-collisions in MD5, T echnical Report TR-102, version 1.1, RSA Laboratories

- On pseudo-collisions in MD5, T echnical Report TR-102, version 1.1, RSA Laboratories
- 1994

The MD5 message digest algorithm, R F C 1321

- The MD5 message digest algorithm, R F C 1321
- 1992