Abstract.
In 1990 Rivest introduced the hash function MD4. Two years later RIPEMD, a European proposal, was designed as a stronger mode of MD4. In 1995 the author found an attack against two of three rounds of RIPEMD. As we show in the present note, the methods developed to attack RIPEMD can be modified and supplemented such that it is possible to break the full MD4, while previously only partial attacks were known. An implementation of our attack allows us to find collisions for MD4 in a few seconds on a PC. An example of a collision is given demonstrating that our attack is of practical relevance.
Article PDF
Similar content being viewed by others
Author information
Authors and Affiliations
Additional information
Received 23 October 1995 and revised 31 August 1997
Rights and permissions
About this article
Cite this article
Dobbertin, H. Cryptanalysis of MD4. J. Cryptology 11, 253–271 (1998). https://doi.org/10.1007/s001459900047
Published:
Issue Date:
DOI: https://doi.org/10.1007/s001459900047