RFC 1186 (rfc1186) - Page 1 of 18


MD4 Message Digest Algorithm



Alternative Format: Original Text Document



Network Working Group                                         R. Rivest
Request for Comments: 1186          MIT Laboratory for Computer Science
                                                           October 1990


                    The MD4 Message Digest Algorithm

Status of this Memo

   This RFC is the specification of the MD4 Digest Algorithm.  If you
   are going to implement MD4, it is suggested you do it this way.  This
   memo is for informational use and does not constitute a standard.
   Distribution of this memo is unlimited.

Table of Contents

   1.  Abstract ....................................................    1
   2.  Terminology and Notation ....................................    2
   3.  MD4 Algorithm Description ...................................    2
   4.  Extensions ..................................................    6
   5.  Summary .....................................................    7
   6.  Acknowledgements ............................................    7
   APPENDIX - Reference Implementation .............................    7
   Security Considerations..........................................   18
   Author's Address.................................................   18

1. Abstract

   This note describes the MD4 message digest algorithm.  The algorithm
   takes as input an input message of arbitrary length and produces as
   output a 128-bit "fingerprint" or "message digest" of the input.  It
   is conjectured that it is computationally infeasible to produce two
   messages having the same message digest, or to produce any message
   having a given prespecified target message digest.  The MD4 algorithm
   is thus ideal for digital signature applications, where a large file
   must be "compressed" in a secure manner before being signed with the
   RSA public-key cryptosystem.

   The MD4 algorithm is designed to be quite fast on 32-bit machines.
   On a SUN Sparc station, MD4 runs at 1,450,000 bytes/second.  On a DEC
   MicroVax II, MD4 runs at approximately 70,000 bytes/second.  On a
   20MHz 80286, MD4 runs at approximately 32,000 bytes/second.  In
   addition, the MD4 algorithm does not require any large substitution
   tables; the algorithm can be coded quite compactly.

   The MD4 algorithm is being placed in the public domain for review and
   possible adoption as a standard.




Rivest