    MD4 is a 128-bit hash function. The original MD4 design goals were that breaking it should require roughly brute-force effort: finding distinct messages with the same hash-value should take about 2^64 operations, and finding a message yielding a pre-specified hash-value about 2^128 operations. It is now known that MD4 fails to meet this goal. Nonetheless, a full description of MD4 is included as Algorithm for historical and cryptanalytic reference. It also serves as a convenient reference for describing, and allowing comparisons between, other hash functions in this family.

    MD4 collisions: Collisions have been found for MD4 in 2^20 compression function computations. For this reason, MD4 is no longer recommended for use as a collision-resistant hash function. While its utility as a one-way function has not been studied in light of this result, it is prudent to expect a preimage attack on MD4 requiring fewer than 2^128 operations will be found.


    MD5 was designed as a strengthened version of MD4, prior to actual MD4 collisions being found. It has enjoyed widespread use in practice. It has also now been found to have weaknesses.

The changes made to obtain MD5 from MD4 are as follows:

    1. addition of a fourth round of 16 steps, and a Round 4 function

    2. replacement of the Round 2 function by a new function

    3. modification of the access order for message words in Rounds 2 and 3

    4. modification of the shift amounts (such that shifts differ in distinct rounds)

    5. use of unique additive constants in each of the 4 × 16 steps, based on the integer
        part of 2^32 · sin(j) for step j (requiring overall, 256 bytes of storage)

    6. addition of output from the previous step into each of the 64 steps.
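
The six changes listed above can be seen together in a compact MD5 implementation. This is an added example, not code from the original page; the names `K`, `S`, `ROUND_F`, `WORD_INDEX`, `rotl` and `md5` are chosen here, and the constants assume sin(j) is taken in radians and as an absolute value, as RFC 1321 specifies.

```python
import math
import struct

MASK = 0xFFFFFFFF
# Change 5: one additive constant per step, the integer part of 2^32 * |sin(j)|
# (j in radians, per RFC 1321); 64 words * 4 bytes = 256 bytes of storage.
K = [int(2**32 * abs(math.sin(j))) & MASK for j in range(1, 65)]
# Change 4: each round has its own set of shift amounts.
S = [7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 + [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4
ROUND_F = [
    lambda x, y, z: (x & y) | (~x & z),  # Round 1
    lambda x, y, z: (x & z) | (y & ~z),  # Round 2: change 2, the new function
    lambda x, y, z: x ^ y ^ z,           # Round 3
    lambda x, y, z: y ^ (x | ~z),        # Round 4: change 1, the added round
]
# Change 3: message-word access order in Rounds 2 and 3 (Round 4 has its own).
WORD_INDEX = [
    lambda j: j,
    lambda j: (5 * j + 1) % 16,
    lambda j: (3 * j + 5) % 16,
    lambda j: (7 * j) % 16,
]

def rotl(x, n):
    """Rotate the low 32 bits of x left by n positions."""
    x &= MASK
    return ((x << n) | (x >> (32 - n))) & MASK

def md5(message: bytes) -> str:
    """Return the MD5 digest of message as a hex string."""
    # Padding: 0x80, zeros up to 56 mod 64, then the 64-bit little-endian bit length.
    pad = b"\x80" + b"\x00" * ((55 - len(message)) % 64)
    padded = message + pad + struct.pack("<Q", (8 * len(message)) & 0xFFFFFFFFFFFFFFFF)
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(padded), 64):
        X = struct.unpack("<16I", padded[off:off + 64])
        a, b, c, d = state
        for j in range(64):  # 4 rounds of 16 steps
            r = j // 16
            t = a + ROUND_F[r](b, c, d) + X[WORD_INDEX[r](j % 16)] + K[j]
            # Change 6: the previous step's output (b) is added into this step.
            a, b, c, d = d, (b + rotl(t, S[j])) & MASK, b, c
        state = [(s + v) & MASK for s, v in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state).hex()

if __name__ == "__main__":
    print(md5(b"abc"))
```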

    MD5 compression function collisions: While no collisions for MD5 have yet been found, collisions have been found for the MD5 compression function. More specifically, these are called collisions for random IV.