H. Dobbertin, Cryptanalysis of MD4, Fast Software Encryption (Third Workshop on Cryptographic Algorithms, Cambridge 1996), Lecture Notes in Computer Science, Springer-Verlag 1996, pp. 55-72.  Home/Search   Document Not in Database   Summary   Related Articles

.... First Two Rounds of MD4 are Not One Way Hans Dobbertin German Information Security Agency e mail: dobbertin skom.rhein.de March 21, 1997 In [1] it was shown that there are very effective attacks leading to collisions for the hash function MD4 designed by R. Rivest [3] A summary of the status of hash functions of the MD4 family with respect to collision resistence can be found in [2] and [4] However, attacking the one wayness of a hash ....

.... M20 = 0x9919C508 M28 = 0x00000080 M5 = 0x4353212D M13 = 0x81BBD193 M21 = 0x9919C508 M6 = 0x4353212D M14 = 0x1DEF9763 M22 = 0x9919C508 M7 = 0x3E30333E M15 = 0xADE9028B M23 = 0x2FD7B0F9 1 The attack will be explained in the forth coming paper Cryptanalysis of MD4 (extended version of [1]) to appear in the Journal of Cryptology. We anticipate that a similar attack works for the last two rounds of MD4. Technical Details for Checking the Example. According to the padding rule, before processing, a message has to be extended by a bit string P = 100: 0 (bin) jj ; where is the ....

H. Dobbertin, Cryptanalysis of MD4, Fast Software Encryption (Third Workshop on Cryptographic Algorithms, Cambridge 1996), Lecture Notes in Computer Science, Springer-Verlag 1996, pp. 55-72.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC