MD4

The MD4 Message-Digest Algorithm is a cryptographic hash function developed by Ronald Rivest in 1990. The digest length is 128 bits. The algorithm has influenced later designs, such as the MD5, SHA-1 and RIPEMD algorithms. The initialism "MD" stands for "Message Digest". The security of MD4 has been severely compromised. The first full collision attack against MD4 was published in 1995, and several newer attacks have been published since then. As of 2007, an attack can generate collisions in less than 2 MD4 hash operations. A theoretical also exists. A variant of MD4 is used in the ed2k URI scheme to provide a unique identifier for a file in the popular eDonkey2000 / eMule P2P networks. MD4 was also used by the rsync protocol (prior to version 3.0.0). MD4 is used to compute NTLM password-derived key digests on Microsoft Windows NT, XP, Vista, 7, 8, 10 and 11. Weaknesses in MD4 were demonstrated by Den Boer and Bosselaers in a paper published in 1991. The first full-round MD4 collision attack was found by Hans Dobbertin in 1995, which took only seconds to carry out at that time. In August 2004, Wang et al. found a very efficient collision attack, alongside attacks on later hash function designs in the MD4/MD5/SHA-1/RIPEMD family. This result was improved later by Sasaki et al., and generating a collision is now as cheap as verifying it (a few microseconds). In 2008, the of MD4 was also broken by Gaëtan Leurent, with a 2102 attack. In 2010 Guo et al published a 299.7 attack. In 2011, RFC 6150 stated that RFC 1320 (MD4) is historic (obsolete). The 128-bit (16-byte) MD4 hashes (also termed message digests) are typically represented as 32-digit hexadecimal numbers. The following demonstrates a 43-byte ASCII input and the corresponding MD4 hash: MD4("The quick brown fox jumps over the lazy og") = 1bee69a46ba811185c194762abaeae90 Even a small change in the message will (with overwhelming probability) result in a completely different hash, e.g.