Finding Preimages in Full MD5 Faster Than Exhaustive Search

  • Yu Sasaki
  • Kazumaro Aoki
Conference paper

DOI: 10.1007/978-3-642-01001-9_8

Part of the Lecture Notes in Computer Science book series (LNCS, volume 5479)
Cite this paper as:
Sasaki Y., Aoki K. (2009) Finding Preimages in Full MD5 Faster Than Exhaustive Search. In: Joux A. (eds) Advances in Cryptology - EUROCRYPT 2009. EUROCRYPT 2009. Lecture Notes in Computer Science, vol 5479. Springer, Berlin, Heidelberg


In this paper, we present the first cryptographic preimage attack on the full MD5 hash function. This attack, with a complexity of 2116.9, generates a pseudo-preimage of MD5 and, with a complexity of 2123.4, generates a preimage of MD5. The memory complexity of the attack is 245 ×11 words. Our attack is based on splice-and-cut and local-collision techniques that have been applied to step-reduced MD5 and other hash functions. We first generalize and improve these techniques so that they can be more efficiently applied to many hash functions whose message expansions are a permutation of message-word order in each round. We then apply these techniques to MD5 and optimize the attack by considering the details of MD5 structure.


MD5 splice-and-cut local collision hash function one-way preimage 

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Yu Sasaki
    • 1
  • Kazumaro Aoki
    • 1
  1. 1.NTT Information Sharing Platform LaboratoriesNTT CorporationTokyoJapan

Personalised recommendations