Abstract
MD5 is one of the most widely used cryptographic hash functions nowadays. It was designed in 1992 as an improvement of MD4, and its security was widely studied since then by several authors. The best known result so far was a semi free-start collision, in which the initial value of the hash function is replaced by a non-standard value, which is the result of the attack. In this paper we present a new powerful attack on MD5 which allows us to find collisions efficiently. We used this attack to find collisions of MD5 in about 15 minutes up to an hour computation time. The attack is a differential attack, which unlike most differential attacks, does not use the exclusive-or as a measure of difference, but instead uses modular integer subtraction as the measure. We call this kind of differential a modular differential. An application of this attack to MD4 can find a collision in less than a fraction of a second. This attack is also applicable to other hash functions, such as RIPEMD and HAVAL.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Biham, E., Shamir, A.: Differential Cryptanalysis of the Data Encryption Standard. Springer, Heidelberg (1993)
Biham, E., Chen, R.: Near collision for SHA-0. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 290–305. Springer, Heidelberg (2004)
den Boer, B., Bosselaers, A.: Collisions for the compression function of MD5. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 293–304. Springer, Heidelberg (1994)
Chabaud, F., Joux, A.: Differential collisions in SHA-0. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, p. 56. Springer, Heidelberg (1998)
Cotini, S., Rivest, R.L., Robshaw, M.J.B., Lisa Yin, Y.: Security of the RC6TM Block Cipher, http://www.rsasecurity.com/rsalabs/rc6/
Damgård, I.B.: A design principle for hash functions. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 416–427. Springer, Heidelberg (1990)
Dobbertin, H.: Cryptanalysis of MD4. In: Gollmann, D. (ed.) FSE 1996. LNCS, vol. 1039, pp. 53–69. Springer, Heidelberg (1996)
Dobbertin, H.: Cryptanalysis of MD5 compress. Presented at the rump session of Eurocrypt 1996
Dobbertin, H.: The status of MD5 after a recent attack. CryptoBytes 2(2) (1996), ftp://ftp.rsasecurity.com/pub/cryptobytes/crypto2n2.pdf
Dobbertin, H.: RIPEMD with two round compress function is not collision-free. Journal of Cryptology 10, 51–69 (1997)
Dobbertin, H., Bosselaers, A., Preneel, B.: RIPEMD-160: A strengthened version of RIPEMD. In: Gollmann, D. (ed.) FSE 1996. LNCS, vol. 1039. Springer, Heidelberg (1996)
FIPS 180-1. Secure hash standard, NIST, Washington D.C. US Department of Commerce. Springer, Heidelberg (1996)
FIPS 180-2. Secure Hash Standard (2002), http://csrc.nist.gov/publications/
Joux, A.: Collisions for SHA-0. Rump session of Crypto 2004 (2004)
Bosselaers, A., Preneel, B. (eds.): RIPE 1992. LNCS, vol. 1007. Springer, Heidelberg (1995)
Merkle, R.C.: One way hash function and DES. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 428–446. Springer, Heidelberg (1990)
Rivest, R.L.: The MD4 message digest algorithm. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 303–311. Springer, Heidelberg (1991)
Rivest, R.L.: The MD5 message-digest algorithm, Request for Comments (RFC 1320), Internet Activities Board, Internet Privacy Task Force (1992)
Wang, X.Y., Guo, F.D., Lai, X.J., Yu, H.B.: Collisions for hash functions MD4, MD5, HAVAL-128 and RIPEMD. Rump session of Crypto 2004, E-print (2004)
Zheng, Y.L., Pieprzyk, J., Seberry, J.: HAVAL–A one-way hashing algorithm with variable length of output. In: Zheng, Y., Seberry, J. (eds.) AUSCRYPT 1992. LNCS, vol. 718. Springer, Heidelberg (1993)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Wang, X., Yu, H. (2005). How to Break MD5 and Other Hash Functions. In: Cramer, R. (eds) Advances in Cryptology – EUROCRYPT 2005. EUROCRYPT 2005. Lecture Notes in Computer Science, vol 3494. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11426639_2
Download citation
DOI: https://doi.org/10.1007/11426639_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-25910-7
Online ISBN: 978-3-540-32055-5
eBook Packages: Computer ScienceComputer Science (R0)