Jie Liang,Xue-Jia Lai

DOI: https://doi.org/10.1007/s11390-007-9010-1

2007-01-01

Abstract:In this paper, we present a fast attack algorithm to find two-block collision of hash function MD5. The algorithm is based on the two-block collision differential path of MD5 that was presented by Wang et al . in the Conference EUROCRYPT 2005. We found that the derived conditions for the desired collision differential path were not sufficient to guarantee the path to hold and that some conditions could be modified to enlarge the collision set. By using technique of small range searching and omitting the computing steps to check the characteristics in the attack algorithm, we can speed up the attack of MD5 efficiently. Compared with the Advanced Message Modification technique presented by Wang et al ., the small range searching technique can correct 4 more conditions for the first iteration differential and 3 more conditions for the second iteration differential, thus improving the probability and the complexity to find collisions. The whole attack on the MD5 can be accomplished within 5 hours using a PC with Pentium4 1.70GHz CPU.

Xiaoyun Wang,Hongbo Yu

DOI: https://doi.org/10.1007/11426639_2

2005-01-01

Abstract:MD5 is one of the most widely used cryptographic hash functions nowadays. It was designed in 1992 as an improvement of MD4, and its security was widely studied since then by several authors. The best known result so far was a semi free-start collision, in which the initial value of the hash function is replaced by a non-standard value, which is the result of the attack. In this paper we present a new powerful attack on MD5 which allows us to find collisions efficiently. We used this attack to find collisions of MD5 in about 15 minutes up to an hour computation time. The attack is a differential attack, which unlike most differential attacks, does not use the exclusive-or as a measure of difference, but instead uses modular integer subtraction as the measure. We call this kind of differential a modular differential. An application of this attack to MD4 can find a collision in less than a fraction of a second. This attack is also applicable to other hash functions, such as RIPEMD and HAVAL.

Wang Yu,Chen Jianhua,He Debiao

DOI: https://doi.org/10.1109/NSWCTC.2009.264

2009-01-01

Abstract:In 2005, collision resistance of several hash functions was broken by Wang et al. The strategy of determining message differential is the most important part of collision attacks against hash functions. So far, there are only three other message differentials attack published, one of which is 6 bits difference and two are I bit difference. In this paper, we propose a completely new attack with 2 bits differential. Our message differential of MD5 generates a collision with complexity of less than 2(41.5) MD5 computations. Although it is slower than the latest best attack, it will be useful in analyzing the security of related applications.

毛明,秦志光,陈少晖

DOI: https://doi.org/10.3724/sp.j.1087.2009.03174

2009-01-01

Journal of Computer Applications

Abstract:Based on the structural characteristics of the MD5 algorithm,the authors summarized the key points of deciphering the Hash function MD5: the introduction to the message differential,the control of the differential path and the satisfaction of the sufficient conditions. In the process of deciphering the MD5,three differences and the properties of the non-linear functions were introduced. The extensive form of the signed difference and the affection of the left shift rotation were applied in it. The important technique for attack of the MD5 algorithm,named technique of message modification,was cryptanalyzed in detail with an example. In general,the authors explored the key points of deciphering the MD5 algorithm form both the overall analysis and specific practice.

Wei Li,Zhi Tao,Dawu Gu,Yi Wang,Zhiqiang Liu,Ya Liu

DOI: https://doi.org/10.4304/jcp.8.11.2888-2894

2013-01-01

Journal of Computers

Abstract:The MD5, proposed by R. Riverst in 1992, is a widely used hash function with Merkle-Damgard structure. In the literature, many studies have been devoted to classical cryptanalysis on the MD5, such as the collision attack, the preimage attack etc. In this paper, we propose a new differential fault analysis on the MD5 compression function in the word-oriented random fault model. The simulating experimental results show that 144 random faults on average are required to obtain the current input message block. Our method not only increases the efficiency of fault injection, but also decreases the number of fault hash values. It provides a new reference for the security analysis of the same structure of the hash compression functions.

Yanzhao Shen,Ting Wu,Gaoli Wang,Xinfeng Dong,Haifeng Qian

DOI: https://doi.org/10.1093/comjnl/bxab109

2022-01-01

Abstract:Counter-cryptanalysis uses cryptanalytic techniques to detect cryptanalytic attacks. It was introduced by Stevens with a collision detection algorithm that detects whether a message is one of a colliding message pair constructed using a collision attack. Later, Stevens and Shumow improved the collision detection against SHA-1 by using unavoidable conditions. However, there are no results improving collision detection against MD5 due to its weak diffusion properties. In this paper, an improved collision detection algorithm against MD5 is proposed by using the 14-bit sufficient condition combinations. This leads to the dividing the 223 classes into four sets. Each element, belonging to the first two sets, holds the same sufficient condition combination. Our new algorithm can classify 126 classes efficiently. The runtime is 28.6% of the previous collision detection method.

Yu Sasaki,Lei Wang,Noboru Kunihiro,Kazuo Ohta

DOI: https://doi.org/10.1093/ietfec/e91-a.1.55

2008-01-01

Abstract:In 2005, collision resistance of several hash functions was broken by Wang et al. The strategy of determining message differences is the most important part of collision attacks against hash functions. So far, many researchers have tried to analyze Wang et al.'s method and proposed improved collision attacks. Although several researches proposed improved attacks, all improved results so far were based on the same message differences proposed by Wang et al. In this paper, we propose new message differences for collision attacks on MD4 and MD5. Our message differences of MD4 can generate a collision with complexity of less than two MD4 computations, which is faster than the original Wang et al.'s attack, and moreover, than the all previous attacks. This is the first result that improves the complexity of collision attack by using different message differences from Wang et al.'s. Regarding MD5, so far, no other message difference from Wang et al.'s is known. Therefore, study for constructing method of other message differences on MD5 should be interesting. Our message differences of MD5 generates a collision with complexity of 242 MD5 computations, which is slower than the latest best attack. However, since our attack needs only 1 bit difference, it has some advantages in terms of message freedom of collision messages.

Gaoli Wang

DOI: https://doi.org/10.1007/978-3-642-25243-3_19

2011-01-01

Abstract:Extended MD4 is a hash function proposed by Rivest in 1990 with a 256-bit hash value. The compression function consists of two different and independent parallel lines called Left Line and Right Line, and each line has 48 steps. The initial values of Left Line and Right Line are denoted by IV0 and IV1 respectively. Dobbertin proposed a collision attack for the compression function of Extended MD4 with a complexity of about 2(40) under the condition that the value for IV0 = IV1 is prescribed. In this paper, we gave a collision attack on the full Extended MD4 with a complexity of about 2(37). Firstly, we propose a collision differential path for both lines by choosing a proper message difference, and deduce a set of sufficient conditions that ensure the differential path hold. Then by using some precise message modification techniques to improve the success probability of the attack, we find two-block collisions of Extended MD4 with less than 2(37) computations. This work provides a new reference to the collision analysis of other hash functions such as RIPEMD-160 etc. which consist of two lines.

Zhangyi Wang,Bangju Wang,Huanguo Zhang

2007-01-01

Abstract:We use the evolutionary computation to study cryptographic hash functions. In finding collisions of hash functions, evolutionary algorithm can be used to find collisions of MD4 and MD5. In this paper, firstly we explain some basic idea about the evolutionary cryptography design and analysis. Then we present an algorithm that reduces the number of trials for finding collisions. Instead of manual computing, by evolutionary computing we can find new differential paths and new collision forms for MD4. For MD5, we use evolutionary computing to find "good" bits that make more conditions satisfied. By restricting search space, we can reduce search operation to 2(34) for the first block and 2(30) for the second block.

HONG Qi,ZHOU Qin-qin,WANG Yong-liang,CHEN Gao-feng

2013-01-01

Abstract:How to calculate the value of B in the critical path is the most key factor which affects the execution speed of traditional MD5 algorithm.In order to improve execution speed,this paper optimizes the critical path,and separates the add calculation to two steps to shorten the time of calculating value of B.Verilog Hardware Description Language(HDL) is adopted to describe the circuit structure and DC is used to get area and frequency data.Experimental result shows that execution frequency is 142.8 MHz and area is 85 678 μm2,and the improved algorithm’s speed is 1.989 times compared with traditional algorithm.

Lei Wang,Kazuo Ohta,Yu Sasaki,Kazuo Sakiyama,Noboru Kunihiro

DOI: https://doi.org/10.1587/transinf.e93.d.1087

2010-01-01

IEICE Transactions on Information and Systems

Abstract:Many hash-based authentication protocols have been proposed, and proven secure assuming that underlying hash functions are secure. On the other hand, if a hash function compromises, the security of authentication protocols based on this hash function becomes unclear. Therefore, it is significantly important to verify the security of hash-based protocols when a hash function is broken.In this paper, we will re-evaluate the security of two MD5-based authentication protocols based on a fact that MD5 cannot satisfy a required fundamental property named collision resistance. The target protocols are APOP (Authenticated Post Office Protocol) and NMAC (Nested Message Authentication Code), since they or their variants are widely used in real world. For security evaluation of APOP, we will propose a modified password recovery attack procedure, which is twice as fast as previous attacks. Moreover, our attack is more realistic, as the probability of being detected is lower than that of previous attacks. For security evaluation of MD5-based NMAC, we will propose a new key-recovery attack procedure, which has a complexity lower than that of previous attack. The complexity of our attack is 2(76), while that of previous attack is 2(100).**Moreover, our attack has another interesting point. NMAC has two keys: the inner key and the outer key. Our attack can recover the outer key partially without the knowledge of the inner key.

Renjie Chen,Yu Zhang,Jianzhong Zhang,Jingdong Xu

DOI: https://doi.org/10.1007/978-3-319-16050-4_15

2015-01-01

Abstract:Message Digest 5 (MD5) is an algorithm to produce a MAC (message authentication code), which has been specified for use in Internet Protocol Security [1]. There exists a large computational complexity in cracking the MD5 hash; hence, implementations on common computing systems become less practical. CUDA (Compute Unified Device Architecture) is a parallel computing platform and programming model invented by NVIDIA. It enables dramatic increases in computing performance by harnessing the power of the graphics processing unit (GPU). This paper puts forward a CUDA-based algorithm and its comprehensive optimizations for cracking the MD5 hash. The experimental results have shown that the peek speed of checking passwords based on GPU reaches 987 Mkey/s, which is 5470 times of that in CPU. It presents an efficient implementation for cracking the MD5 passwords through GPU; meanwhile, these results have demonstrated the potential applicability of GPU in the field of cryptanalysis.

Han Zhuoyu,Li Yongzhen

DOI: https://doi.org/10.1109/icpeca53709.2022.9719176

2022-01-01

Abstract:With the rapid popularity of the network, the development of information encryption technology has a significant role and significance in securing network security. The security of information has become an issue of concern to the whole society, and the study of cryptography has been increasingly concerned, and the hash function is the core of modern cryptography, the most common hash algorithms are MD5 series of algorithms, SHA series of algorithms. MD5 is a popular and excellent typical Hash encryption technology today, which is used for password management, electronic signature, spam screening. In this paper, we focus on the improved MD5 algorithm with more efficiency, focusing on the internal structure of MD5, and finally making it more efficient in retrieval.

Xiaoyun Wang,Xuejia Lai,Dengguo Feng,Hui Chen,Xiuyuan Yu

DOI: https://doi.org/10.1007/11426639_1

2005-01-01

Abstract:MD4 is a hash function developed by Rivest in 1990. It serves as the basis for most of the dedicated hash functions such as MD5, SHAx, RIPEMD, and HAVAL. In 1996, Dobbertin showed how to find collisions of MD4 with complexity equivalent to 220 MD4 hash computations. In this paper, we present a new attack on MD4 which can find a collision with probability 2− 2 to 2− 6, and the complexity of finding a collision doesn’t exceed 28 MD4 hash operations. Built upon the collision search attack, we present a chosen-message pre-image attack on MD4 with complexity below 28. Furthermore, we show that for a weak message, we can find another message that produces the same hash value. The complexity is only a single MD4 computation, and a random message is a weak message with probability 2− 122.The attack on MD4 can be directly applied to RIPEMD which has two parallel copies of MD4, and the complexity of finding a collision is about 218 RIPEMD hash operations.

Mary Cindy Ah Kioon,ZhaoShun Wang,Shubra Deb Das

DOI: https://doi.org/10.4028/www.scientific.net/amm.347-350.2706

2013-01-01

Abstract:Hashing algorithms are commonly used to convert passwords into hashes which theoretically cannot be deciphered. This paper analyses the security risks of the hashing algorithm MD5 in password storage and discusses different solutions, such as salts and iterative hashing. We propose a new approach to using MD5 in password storage by using external information, a calculated salt and a random key to encrypt the password before the MD5 calculation. We suggest using key stretching to make the hash calculation slower and using XOR cipher to make the final hash value impossible to find in any standard rainbow table.

Wang Xiaoyun,Feng Dengguo,Yu Xiuyuan

DOI: https://doi.org/10.1360/122004-107

2005-01-01

Abstract:In this paper, we give a fast attack against hash function—HAVAL-128. HAVAL was presented by Y. L. Zheng et al. at Auscrypto’92. It can be processed in 3, 4 or 5 passes, and produces 128, 160, 192, or 224-bit fingerprint. We break the HAVAL with 128-bit fingerprint. The conclusion is that, given any 1024-bit message m, we just make some modifications about m, and the modified message m can collide with another message m′ only with probability 1/27, where m′=m+Δm, in which Δm is a fixed difference selected in advance. In addition, two collision examples for HAVAL-128 are given in this paper.

Hongbo Yu,Xiaoyun Wang

DOI: https://doi.org/10.1007/978-3-540-76788-6_17

2007-01-01

Abstract:In this paper, we present a new type of multi-collision attack on the compression functions of both MD4 and 3-Pass HAVAL. Different from Joux's multi-collision attack, our method focuses on the multi-collision of the compression function. For MD4, we utilize two different feasible collision differential paths to find a 4-collision with about 2 21 MD4 computations. For 3-Pass HAVAL, we can find a 4-collision with complexity about 2(30) and a 8-near-collision with complexity 2(9).

Haiyan Yu,Xiaoyun Wang

2007-01-01

Abstract:In this paper, we present a new type of MultiCollision attack on the compression functions both of MD4 and 3-Pass HAVAL. For MD4, we utilize two feasible different collision differential paths to find a 4collision with 2 MD4 computations. For 3-Pass HAVAL, we present three near-collision differential paths to find a 8-NearCollision with 2 HAVAL computations.

Lei Wang,Kazuo Ohta,Noboru Kunihiro

DOI: https://doi.org/10.1587/transfun.e92.a.76

2009-01-01

Abstract:The most widely used hash functions from MD4 family have been broken, which lead to a public competition on designing new hash functions held by NIST. This paper focuses on one concept called near-collision resistance: computationally difficult to find a pair of messages with hash values differing in only few bits, which new hash functions should satisfy. In this paper, we will give a model of near-collisions on MD4, and apply it to attack protocols including HMAC/NMAC-MD4 and MD4(Password||Challenge). Our new outer-key recovery attacks on HMAC/NMAC-MD4 has a complexity of 272 online queries and 277 MD4 computations, while previous result was 288 online queries and 295 MD4 computations. Our attack on MD4(Password||Challenge) can recover 16 password characters with a complexity of 237 online queries and 221 MD4 computations, which is the first approach to attack such protocols.

Zhang-yi Wang,Huanguo Zhang,Zhongping Qin,Qingshu Meng

2006-01-01

Abstract:HAVAL is a cryptographic hash function proposed by Zheng et al. Van Rompay et al and Wang et al found collisions of full 3-Pass HAVAL. In this paper, we study the security of 4-Pass HAVAL. By analyzing the expanding of subtraction difference and differential characters of Boolean functions, we find collisions of full versions of 4-Pass HAVAL. The form of collisions is similar to the two-block collisions of MD5 proposed by Wang et al. With fixed carry method instead of multi-message modification, the computational complexity of the attack is about 230-232 for the first block and 227-229 for the second block. We use this method to find collisions of 4-Pass HAVAL in 3-4 hour on a common PC.