Can someone with the knowledge please tell me the theory behind making MD4 hashes and CRCs? I need to know how I would program it. Thx!
Posted on 2001-10-16 16:38:06 by nin
hash functions are one-way functions, that is, it's easy to compute the hash of some data, but hard to get the data associated with the string - and hard to get other data that has the same hash. it's usually used in cryptography, to have signatures of data. you better get md5 than md4, it's faster. crc32 is fast, but not very secure. a good hash function is sha-1. there are already some implementations of md5 in asm, check www.win32asm.cjb.net =)

roy
Posted on 2001-10-17 10:26:01 by roy
a quick google, & i found that a lot of folks are claiming that md4 is easy to crack. i'm more into hobby factorization than cryptography directly so it's only hearsay at this point.
Posted on 2001-10-17 17:13:28 by rafe
md4 is not *easy* to "break".
md4 has no *real* meaning as a protection, it's been done for signatures.
md4/5 is used to protect unix systems in this way: you don't store the password, you store the md4/5 hash of the password, so nobody can directly steal the pass without *bruteforcing* it, that is, trying every possibility. i don't think there are any special weaknesses to make an attack easier in md4.

roy
Posted on 2001-10-20 11:11:31 by roy
http://www.rsa.com/rsalabs/faq/3-6-6.html

Roy, I'm only reporting what I read at the above link. I didn't drink the Kool-Aid either pro or con on md4 but here's the quote that caught my eye...
MD4 was developed by Rivest in 1990. The message is padded to ensure that its length in bits plus 64 is divisible by 512. A 64-bit binary representation of the original length of the message is then concatenated to the message. The message is processed in 512-bit blocks in the Damgård/Merkle iterative structure (see Question 2.1.6), and each block is processed in three distinct rounds. Attacks on versions of MD4 with either the first or the last rounds missing were developed very quickly by Den Boer, Bosselaers and others. Dobbertin has shown how collisions for the full version of MD4 can be found in under a minute on a typical PC. In recent work, Dobbertin (Fast Software Encryption, 1998) has shown that a reduced version of MD4 in which the third round of the compression function is not executed but everything else remains the same, is not one-way. Clearly, MD4 should now be considered broken.
emphasis mine. I do however think the folks at the above link are serious about cryptography... it's their business.
Posted on 2001-10-21 13:49:54 by rafe
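
The structure described in the quoted FAQ passage (padding so that the bit length plus 64 is divisible by 512, the appended 64-bit length, 512-bit blocks, three rounds), written out in C as an added example that is not part of the original thread. Constants and word orders follow RFC 1320; the function names `md4_block`, `md4` and `md4_hex` are chosen here for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static uint32_t rotl(uint32_t x, int s) { return (x << s) | (x >> (32 - s)); }

/* Compression function: mix one 512-bit block into the 128-bit state. */
static void md4_block(uint32_t st[4], const uint8_t *p) {
    static const int S[3][4] = {{3,7,11,19}, {3,5,9,13}, {3,9,11,15}};
    static const int K3[16] = {0,8,4,12,2,10,6,14,1,9,5,13,3,11,7,15};
    uint32_t X[16], a = st[0], b = st[1], c = st[2], d = st[3];
    for (int i = 0; i < 16; i++)                /* sixteen little-endian words */
        X[i] = p[4*i] | p[4*i+1] << 8 | p[4*i+2] << 16 | (uint32_t)p[4*i+3] << 24;
    for (int i = 0; i < 48; i++) {              /* three rounds of 16 steps */
        int r = i / 16, j = i % 16;
        uint32_t f, k;
        if (r == 0)      { f = (b & c) | (~b & d);          k = X[j]; }
        else if (r == 1) { f = (b & c) | (b & d) | (c & d); k = X[(j % 4) * 4 + j / 4] + 0x5a827999; }
        else             { f = b ^ c ^ d;                   k = X[K3[j]] + 0x6ed9eba1; }
        uint32_t t = rotl(a + f + k, S[r][j % 4]);
        a = d; d = c; c = b; b = t;             /* rotate the four registers */
    }
    st[0] += a; st[1] += b; st[2] += c; st[3] += d;
}

/* MD4 of msg[0..len): run full blocks, then the padded tail with the length. */
void md4(const uint8_t *msg, size_t len, uint8_t out[16]) {
    uint32_t st[4] = {0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476};
    uint8_t tail[128] = {0};
    uint64_t bits = (uint64_t)len * 8;
    size_t full = len / 64, rem = len % 64;
    for (size_t i = 0; i < full; i++) md4_block(st, msg + 64 * i);
    memcpy(tail, msg + 64 * full, rem);
    tail[rem] = 0x80;                           /* a single 1 bit, then zeros */
    size_t tlen = rem < 56 ? 64 : 128;          /* leave 8 bytes for the length */
    for (int i = 0; i < 8; i++) tail[tlen - 8 + i] = (uint8_t)(bits >> (8 * i));
    for (size_t off = 0; off < tlen; off += 64) md4_block(st, tail + off);
    for (int i = 0; i < 16; i++) out[i] = (uint8_t)(st[i / 4] >> (8 * (i % 4)));
}

/* Hex digest of a C string, for display and testing (static buffer). */
const char *md4_hex(const char *s) {
    static char hex[33]; uint8_t d[16];
    md4((const uint8_t *)s, strlen(s), d);
    for (int i = 0; i < 16; i++) sprintf(hex + 2 * i, "%02x", d[i]);
    return hex;
}

int main(void) { puts(md4_hex("abc")); return 0; }
```

The 62-character and 80-character RFC 1320 test strings exercise the two tail cases: a remainder of 56 bytes or more needs a second padding block, a shorter one does not.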