The MD4 Message-Digest Algorithm (RFC1320)
Disclosure Number: IPCOM000002142D
Original Publication Date: 1992-Apr-01
Included in the Prior Art Database: 2000-Sep-12
Document File: 17 page(s) / 30K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

R. Rivest: AUTHOR


Status of this Memo

This text was extracted from an ASCII text document.
This is the abbreviated version, containing approximately 10% of the total text.

Network Working Group                                          R. Rivest
Request for Comments: 1320           MIT Laboratory for Computer Science
Obsoletes: RFC 1186                          and RSA Data Security, Inc.
                                                              April 1992

The MD4 Message-Digest Algorithm

Status of this Memo

This memo provides information for the Internet community. It does not specify an Internet standard. Distribution of this memo is



We would like to thank Don Coppersmith, Burt Kaliski, Ralph Merkle, and Noam Nisan for numerous helpful comments and suggestions.

Table of Contents

1. Executive Summary
2. Terminology and Notation
3. MD4 Algorithm Description
4. Summary
References
APPENDIX A - Reference Implementation
Security Considerations
Author's Address

1. Executive Summary

This document describes the MD4 message-digest algorithm [1]. The algorithm takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input. It is conjectured that it is computationally infeasible to produce two messages having the same message digest, or to produce any message having a given prespecified target message digest. The MD4 algorithm is intended for digital signature applications, where a large file must be "compressed" in a secure manner before being encrypted with a private (secret) key under a public-key cryptosystem such as RSA.

The MD4 algorithm is designed to be quite fast on 32-bit machines. In addition, the MD4 algorithm does not require any large substitution tables; the algorithm can be coded quite compactly.

The MD4 algorithm is being placed in the public domain for review and possible adoption as a standard.

This document replaces the October 1990 RFC 1186 [2]. The main difference is that the reference implementation of MD4 in the appendix is more portable.

For OSI-based applications, MD4's object identifier is

   {iso(1) member-body(2) US(840) rsadsi(113549) digestAlgorithm(2) 4}

In the X.509 type AlgorithmIdentifier [3], the parameters for MD4 should have type NULL.
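As an added example (not part of RFC 1320 or its reference implementation), the following Python code DER-encodes the AlgorithmIdentifier described above, the MD4 object identifier followed by NULL parameters, and uses the resulting bytes to flag a structure that names MD4. The function names, the MD5 OID used as a negative case, and the sample DigestInfo with an all-zero digest are constructed for illustration.

```python
# Added example: DER encoding of the MD4 AlgorithmIdentifier (OID + NULL).
MD4_OID = (1, 2, 840, 113549, 2, 4)  # arcs as listed in the RFC text
MD5_OID = (1, 2, 840, 113549, 2, 5)  # sibling digest OID, negative case only

def _base128(n):
    """Encode one OID arc in base 128; high bit set on all but the last byte."""
    out = [n & 0x7F]
    n >>= 7
    while n:
        out.append((n & 0x7F) | 0x80)
        n >>= 7
    return bytes(reversed(out))

def _tlv(tag, body):
    """DER tag-length-value with short or long definite length."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def encode_oid(arcs):
    """OBJECT IDENTIFIER: the first two arcs share one byte (40*a + b)."""
    first, second, *rest = arcs
    body = _base128(40 * first + second) + b"".join(_base128(a) for a in rest)
    return _tlv(0x06, body)

def algorithm_identifier(arcs):
    """SEQUENCE { OBJECT IDENTIFIER, NULL } as the RFC prescribes for MD4."""
    return _tlv(0x30, encode_oid(arcs) + _tlv(0x05, b""))

def names_md4(der_blob):
    """Byte-level scan (not a full ASN.1 parse) for the MD4 identifier."""
    return algorithm_identifier(MD4_OID) in der_blob

def sample_digest_info(arcs):
    """Constructed sample: DigestInfo-style SEQUENCE with a 16-byte zero digest."""
    return _tlv(0x30, algorithm_identifier(arcs) + _tlv(0x04, bytes(16)))

if __name__ == "__main__":
    print(algorithm_identifier(MD4_OID).hex())
    print(names_md4(sample_digest_info(MD4_OID)))
    print(names_md4(sample_digest_info(MD5_OID)))
```
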

2. Terminology and Notation

In this document a "word" is a 32-bit quantity and a "byte" is an eight-bit quantity. A sequence of bits can be interpreted in a natural manner as a sequence of bytes, where each consecutive group of eight bits is interpreted as a byte with the high-order (most significant) bit of each byte listed first. Similarly, a sequence of bytes can be in...