MD4 is an hash algorithm (the four in series) created by Ronald Rivest in MIT at 1990. The hash has a length of 128 bits. The algorithm has influenced posterior design like MD5, SHA family and RIPEMD.

*Based on RFC 1320.*^{1)}

**Parameter**: A message with length in bits ⇐ 2^{64}.

**Output**: The hash of the message with length in bits = 128.

- Padding of the message: Extend the message until the length in bits has to be congruent 448 mod 512. This always happen, even if the message already are congruent 448 mod 512. The padding occur in this manner: The bit 1 is added at the end of the message and then bits 0 are added until padding condition is meet.
- A representation of 64 bits of the length of the message(in bits) before the extension is added at the end of the message in format ”
*little endian*”. - A cycle is made ripping the message in parts of 16 words(length of word are 32 bits).
- For each part a compress function is applied.

For evaluating the strength of a hash function 2 concepts are in use.

- Resistant to preimage attack: Given the hash obtain a message that has that hash .
- Resistant to collision attack: Obtain two message that has the same hash.

Since his born **MD4** has been criticized for his security even by the same Ronald Rivest because **MD4** has been design thinking in performance before all. In 1991 **Den Boer y Bosselaers** show that **MD4** without the first round are collision-weak ^{2)}. In 1996 **H. Dobbertin** develop a collision attack with probability 2^{-22} ^{3)}. Also show how find message with real meaning. In 1998 he show that **MD4** without one round are preimage-weak^{4)}. Since 2004 until now a lot of collision attacks has been develop ^{5)} ^{6)} ^{7)} ^{8)} ^{9)} ^{10)} ^{11)} finding collisions very efficient(even with manual calculation) ^{12)}.

Recently there are various preimage attacks. A Microsoft research group found preimage in reduced-MD4 (2 rounds and 7 steps) ^{13)}. Gaëtan Leurent show a preimage attack with complexity 2^{102} ^{14)}.

All this show that **MD4** are very weak and nobody could use it.

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 3.0 Unported