| General | |
|---|---|
| Designers | Ronald Rivest |
| First published | October 1990[1] |
| Series | MD2, MD4, MD5, MD6 |
| Cipher detail | |
| Digest sizes | 128 bits |
| Block sizes | 512 bits |
| Rounds | 3 |
| Best public cryptanalysis | |
| A collision attack published in 2007 can find collisions for full MD4 in less than two hash operations.[2] | |
The MD4 Message-Digest Algorithm is a cryptographic hash function developed by Ronald Rivest in 1990.[3] The digest length is 128 bits. The algorithm has influenced later designs, such as the MD5, SHA-1 and RIPEMD algorithms. The initialism "MD" stands for "Message Digest".
The security of MD4 has been severely compromised. The first full collision attack against MD4 was published in 1995, and several newer attacks have been published since then. As of 2007, an attack can generate collisions in less than two MD4 hash operations.[2] A theoretical preimage attack also exists.
A variant of MD4 is used in the ed2k URI scheme to provide a unique identifier for a file in the popular eDonkey2000 / eMule P2P networks. MD4 was also used by the rsync protocol (prior to version 3.0.0).
MD4 is used to compute NTLM password-derived key digests on Microsoft Windows NT, XP, Vista, 7, 8, 10 and 11.[4]
- ^ Rivest, Ronald L. (October 1990). "The MD4 Message Digest Algorithm". Network Working Group. Retrieved 2011-04-29.
- ^ a b Yu Sasaki; et al. (2007). "New message difference for MD4" (PDF).
{{cite journal}}: Cite journal requires|journal=(help) - ^ "What are MD2, MD4, and MD5?". Public-Key Cryptography Standards (PKCS): PKCS #7: Cryptographic Message Syntax Standard: 3.6 Other Cryptographic Techniques: 3.6.6 What are MD2, MD4, and MD5?. RSA Laboratories. Archived from the original on 2011-09-01. Retrieved 2011-04-29.
- ^ "5.1 Security Considerations for Implementors". Retrieved 2011-07-21.
Deriving a key from a password is as specified in [RFC1320] and [FIPS46-2].