Finding Preimages in Full MD5 Faster Than Exhaustive Search

In this paper, we present the first cryptographic preimage attack on the full MD5 hash function. This attack, with a complexity of 2, generates a pseudo-preimage of MD5 and, with a complexity of 2, generates a preimage of MD5. The memory complexity of the attack is 2×11 words. Our attack is based on splice-and-cut and localcollision techniques that have been applied to step-reduced MD5 and other hash functions. We first generalize and improve these techniques so that they can be more efficiently applied to many hash functions whose message expansions are a permutation of message-word order in each round. We then apply these techniques to MD5 and optimize the attack by considering the details of MD5 structure. keywords: MD5, splice-and-cut, local collision, hash function, one-way, preimage