Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD

1 Collisions for MD5 MD5 is the hash function designed by Ron Rivest [9] as a strengthened version of MD4[8]. In 1993 Bert den Boer and Antoon Bosselaers [1] found pseudo-collision for MD5 which is made of the same message with two different sets of initial value. H. Dobbertin[3] found another kind of collision which consists of two different 512-bit messages with a chosen initial value 0 V I ′. ED BA x C B F x C B AC x A V I 763 4 0 D , 97 62 5 0 , 341042 3 0x B , 2375 12 0 : 0 0 0 0 0 = ′ = ′ = ′ = ′ ′ Our attack can find many real collisions which are composed of two 1024-bit messages with the original initial value 0 IV of MD5. 76543210 0 , 98 0 , 89 0 , 01234567 0 : 0 0 0 0 0 x D xfedcba C abcdef x B x A IV = = = = 31 15 31 1 1 = = ∆ ∆ + = ′ s C C M M k k 31 15 31 2 2 = − = ∆ ∆ + = ′ s C C M M ki ki such that) , (5) , (5 i i N M MD N M MD ′ ′ = On IBM P690 it takes about one hour to find such M and M ′ , after that, it takes only 15 seconds to 5 minutes to find i N and i N ′ , so that) , (i N M and) , (i N M ′ ′ will produce the same hash same value. The following are two pairs of 1024-bit messages producing collisions, the two examples have the same 1-st half 512 bits.