A Fast Attack Algorithm on the MD5 Hash Function

Introduction Cryptographichashfunctions1-3]areimportant cryptographicprimitivesandusedinauthentica-tion,non-repudiation,electroniccommerceand encryptionschemes.Cryptographichashfunctions havetosatisfyrequirementsofonewaynessand collisionresistance4-7].Onesuchfamilyofhash functionsistheMDxfamily.Thisfamilyincludes hashfunctionssuchasMD5,SHA-1and RIPEMD-160.TheMD5hashfunctionwasproposedby Rivest2].AnattackonMD5waspresentedby Wang8].Butthedetailofattackalgorithmwasnot discovereduntil…

A Fast Attack Algorithm on the MD5 Hash Function

The sufficient conditions for keeping desired differential path of MD5 was discussed. By analyzing the expanding of subtraction difference, differential characters of Boolean functions, and the differential characters of shift rotation, the sufficient conditions for keeping desired differential path could be obtained. From the differential characters of shift rotation, the lacked sufficient conditions were found. Then an algorithm that reduces the number of trials for finding collisions were presented. By restricting search space, search operation can be reduced to 2 34 for the first block and 2 30 for the second block. The whole attack on the MD5 can be accomplished within 20 hours using a PC with 1.6 G CPU.