RFC 1320 (rfc1320) - Page 1 of 20


The MD4 Message-Digest Algorithm



Alternative Format: Original Text Document



Network Working Group                                          R. Rivest
Request for Comments: 1320           MIT Laboratory for Computer Science
Obsoletes: RFC 1186                          and RSA Data Security, Inc.
                                                              April 1992


                    The MD4 Message-Digest Algorithm

Status of thie Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard.  Distribution of this memo is
   unlimited.

Acknowlegements

   We would like to thank Don Coppersmith, Burt Kaliski, Ralph Merkle,
   and Noam Nisan for numerous helpful comments and suggestions.

Table of Contents

   1. Executive Summary                                                1
   2. Terminology and Notation                                         2
   3. MD4 Algorithm Description                                        2
   4. Summary                                                          6
   References                                                          6
   APPENDIX A - Reference Implementation                               6
   Security Considerations                                            20
   Author's Address                                                   20

1. Executive Summary

   This document describes the MD4 message-digest algorithm [1]. The
   algorithm takes as input a message of arbitrary length and produces
   as output a 128-bit "fingerprint" or "message digest" of the input.
   It is conjectured that it is computationally infeasible to produce
   two messages having the same message digest, or to produce any
   message having a given prespecified target message digest. The MD4
   algorithm is intended for digital signature applications, where a
   large file must be "compressed" in a secure manner before being
   encrypted with a private (secret) key under a public-key cryptosystem
   such as RSA.

   The MD4 algorithm is designed to be quite fast on 32-bit machines. In
   addition, the MD4 algorithm does not require any large substitution
   tables; the algorithm can be coded quite compactly.





Rivest