RFC 1320 (rfc1320) - Page 1 of 20
The MD4 Message-Digest Algorithm
Alternative Format: Original Text Document
Network Working Group R. Rivest Request for Comments: 1320 MIT Laboratory for Computer Science Obsoletes: RFC 1186 and RSA Data Security, Inc. April 1992 The MD4 Message-Digest Algorithm Status of thie Memo This memo provides information for the Internet community. It does not specify an Internet standard. Distribution of this memo is unlimited. Acknowlegements We would like to thank Don Coppersmith, Burt Kaliski, Ralph Merkle, and Noam Nisan for numerous helpful comments and suggestions. Table of Contents 1. Executive Summary 1 2. Terminology and Notation 2 3. MD4 Algorithm Description 2 4. Summary 6 References 6 APPENDIX A - Reference Implementation 6 Security Considerations 20 Author's Address 20 1. Executive Summary This document describes the MD4 message-digest algorithm [1]. The algorithm takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input. It is conjectured that it is computationally infeasible to produce two messages having the same message digest, or to produce any message having a given prespecified target message digest. The MD4 algorithm is intended for digital signature applications, where a large file must be "compressed" in a secure manner before being encrypted with a private (secret) key under a public-key cryptosystem such as RSA. The MD4 algorithm is designed to be quite fast on 32-bit machines. In addition, the MD4 algorithm does not require any large substitution tables; the algorithm can be coded quite compactly. Rivest
