A Study of the MD5 Attacks: Insights and Improvements
- 1.4k Downloads
MD5 is a well-known and widely-used cryptographic hash function. It has received renewed attention from researchers subsequent to the recent announcement of collisions found by Wang et al. . To date, however, the method used by researchers in this work has been fairly difficult to grasp.
In this paper we conduct a study of all attacks on MD5 starting from Wang. We explain the techniques used by her team, give insights on how to improve these techniques, and use these insights to produce an even faster attack on MD5. Additionally, we provide an “MD5 Toolkit” implementing these improvements that we hope will serve as an open-source platform for further research.
Our hope is that a better understanding of these attacks will lead to a better understanding of our current collection of hash functions, what their strengths and weaknesses are, and where we should direct future efforts in order to produce even stronger primitives.
KeywordsCryptographic Hash Functions Differential Cryptanalysis MD5
- 1.Black, J., Cochran, M., Highland, T.: A study of the MD5 attacks: Insights and improvements (full version). Manuscript available at, http://www.cs.colorado.edu/~jrblack/papers.html
- 2.Damgård, I.: A design principle for hash functions. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 416–427. Springer, Heidelberg (1990)Google Scholar
- 3.Daum, M.: Cryptanalysis of hash functions of the MD4 family. Dissertation, available at, http://www.cits.rub.de/imperia/md/content/magnus/dissmd4.pdf
- 4.den Boer, B., Bosselaers, A.: Collisions for the compression function of MD5. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 293–304. Springer, Heidelberg (1994)Google Scholar
- 5.Dobbertin, H.: Cryptanalysis of MD5 compress. Presented at the rump session of EUROCRYPT 1996 (1996)Google Scholar
- 6.Hawkes, P., Paddon, M., Rose, G.G.: Musings on the Wang et al. MD5 collision (October 2004), See http://eprint.iacr.org/2004/264
- 7.Klima, V.: Tunnels in hash functions: MD5 collisions within a minute, See http://eprint.iacr.org/2006/105
- 8.Klima, V.: Finding MD5 collisions: A toy for a notebook (March 2005), See http://eprint.iacr.org/2005/075
- 9.Klima, V.: Finding MD5 collisions on a notebook PC using multi-message modifications. In: International Scientific Conference Security and Protection of Information (May 2005)Google Scholar
- 10.Merkle, R.C.: One way hash functions and DES. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 428–446. Springer, Heidelberg (1990)Google Scholar
- 11.Rivest, R.: The MD5 message-digest algorithm. RFC 1321 (April 1992)Google Scholar
- 12.Rogaway, P., Shrimpton, T.: Cryptographic hash-function basics: Definitions, implications and separations for preimage resistance, second-preimage resistance, and collision resistance. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 371–388. Springer, Heidelberg (2004)CrossRefGoogle Scholar
- 13.Stach, P., Liu, V.: MD5 collision generation. Code, available at, http://www.stachliu.com/collisions.html
- 14.Stevens, M.: HashClash, See http://www.win.tue.nl/hashclash/