Page 435 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 435
still be found in use today.
Several mathematicians have published papers documenting flaws in
the full version of MD4 as well as improperly implemented versions of
MD4. In particular, Hans Dobbertin published a paper in 1996
outlining how a modern personal computer could be used to find
collisions for MD4 message digests in less than one minute. For this
reason, MD4 is no longer considered to be a secure hashing algorithm,
and its use should be avoided if at all possible.
MD5
In 1991, Rivest released the next version of his message digest
algorithm, which he called MD5. It also processes 512-bit blocks of the
message, but it uses four distinct rounds of computation to produce a
digest of the same length as the MD2 and MD4 algorithms (128 bits).
MD5 has the same padding requirements as MD4—the message length
must be 64 bits less than a multiple of 512 bits.
MD5 implements additional security features that reduce the speed of
message digest production significantly. Unfortunately, recent
cryptanalytic attacks demonstrated that the MD5 protocol is subject to
collisions, preventing its use for ensuring message integrity.
Specifically, Arjen Lenstra and others demonstrated in 2005 that it is
possible to create two digital certificates from different public keys
that have the same MD5 hash.
Table 7.1 lists well-known hashing algorithms and their resultant hash
value lengths in bits. Earmark this page for memorization.
TABLE 7.1 Hash algorithm memorization chart
Name Hash value length
Hash of Variable Length (HAVAL)—an 128, 160, 192, 224, and
MD5 variant 256 bits
Hash Message Authenticating Code Variable
(HMAC)
Message Digest 2 (MD2) 128
