# MD4

> obsolete cryptographic hash function

**Wikidata**: [Q1144542](https://www.wikidata.org/wiki/Q1144542)  
**Wikipedia**: [English](https://en.wikipedia.org/wiki/MD4)  
**Source**: https://4ort.xyz/entity/md4

## Summary
MD4 is an obsolete cryptographic hash function designed by Ron Rivest in 1990. It was the predecessor to MD5 and was later deprecated due to security vulnerabilities. MD4 is now considered cryptographically broken and unsuitable for further use.

## Key Facts
- MD4 was created by Ron Rivest in 1990
- It is classified as a cryptographic hash function
- MD4 was followed by MD5 as the next version in the series
- The algorithm has been assigned multiple ITU/ISO/IEC object identifiers including 1.2.840.113549.2.4
- MD4 is described in RFC 1186, RFC 1320, and RFC 6150
- The function has been marked as obsolete and moved to historic status in RFC 6150
- MD4 has 22 sitelinks across Wikipedia language editions
- It is described as an obsolete cryptographic hash function in Wikidata

## FAQs
### Q: What is MD4 used for?
A: MD4 was originally designed for cryptographic applications requiring data integrity verification. However, due to discovered vulnerabilities, it is no longer considered secure for any cryptographic purpose and should not be used in modern applications.

### Q: Who created MD4 and when?
A: MD4 was created by Ron Rivest in 1990. It was one of his early cryptographic hash function designs that preceded the more widely used MD5 algorithm.

### Q: Why is MD4 considered obsolete?
A: MD4 is considered obsolete because cryptanalytic attacks have been discovered that can break its security properties. The algorithm is vulnerable to collision attacks, making it unsuitable for any security-sensitive applications.

### Q: What replaced MD4?
A: MD5 replaced MD4 as the next iteration in the Message Digest series. However, MD5 itself has since been found vulnerable and has been superseded by more secure hash functions like SHA-2 and SHA-3.

### Q: Where can I find the MD4 specification?
A: The MD4 specification is documented in RFC 1320 (The MD4 Message-Digest Algorithm) and RFC 1186. The algorithm was later moved to historic status in RFC 6150.

## Why It Matters
MD4 holds historical significance as an important milestone in the development of cryptographic hash functions. As one of Ron Rivest's early designs, it helped establish the foundation for modern cryptographic hashing and demonstrated both the potential and limitations of such algorithms. The vulnerabilities discovered in MD4 provided crucial lessons about the importance of rigorous security analysis and the need for ongoing evaluation of cryptographic primitives. Its obsolescence serves as a reminder that even well-designed cryptographic systems can become vulnerable over time as attack techniques advance. MD4's legacy continues to influence how we approach cryptographic design, emphasizing the need for conservative security margins and the importance of planning for eventual replacement of cryptographic primitives. The algorithm's journey from cutting-edge technology to deprecated standard illustrates the evolutionary nature of cryptography and the constant arms race between security designers and attackers.

## Notable For
- Being the predecessor to the widely used MD5 hash function
- Being one of Ron Rivest's early cryptographic hash function designs
- Being formally deprecated and moved to historic status in RFC 6150
- Having multiple ITU/ISO/IEC object identifiers assigned for standardization
- Serving as an important case study in cryptographic vulnerability research

## Body
### Technical Specifications
MD4 produces a 128-bit (16-byte) hash value, typically rendered as a 32-digit hexadecimal number. The algorithm processes input in 512-bit blocks and uses a Merkle-Damgård construction with a compression function that operates on 32-bit words.

### Security History
MD4 was found to be vulnerable to collision attacks as early as 1995, with collisions being practically demonstrated by 2004. The weaknesses in MD4 directly informed improvements in subsequent designs like MD5 and SHA-1, though these too would later prove vulnerable.

### Standardization
The algorithm was standardized through multiple RFC documents, with RFC 1320 providing the initial specification and RFC 6150 later marking it as historic. It also received ITU/ISO/IEC object identifiers, indicating its adoption in various international standards.

### Current Status
MD4 is considered cryptographically broken and unsuitable for further use. Modern security standards explicitly prohibit the use of MD4 in any security-sensitive context, and most software libraries have removed or deprecated MD4 implementations.

### Historical Context
MD4 was developed during a period of rapid advancement in public-key cryptography and cryptographic hashing. It represented an attempt to create a fast, efficient hash function suitable for both cryptographic and non-cryptographic applications, though its security shortcomings ultimately limited its practical utility.

## References

1. Freebase Data Dumps. 2013