Talk:MD4 hash

From AMule Project FAQ
Jump to: navigation, search

This is a bit out of date, or just uninformed. MD5 is questionable, these days (the currently existing attacks on it aren't serious for most applications, but the door is open for more), and MD4 is known to be absolutely hopeless, and collisions can be found with very little in the way of computational effort. The upshot of which is that it would be theoretically pretty easy for a rogue node to cause undetectable corruption to files on ed2k.

Actually, i believe that is exactly what the article says: MD4 is broken, MD5 ius on its way ;) But if you consider it missleading feel free to fix it in some way. For the moment, MD5 can't be broken in the wayed2k uses it and, what's more, ed2k also uses SHA-1 hashes for AICH which is far from being broken at the moment. Now, I can't wait to see how you'd arrange the article to reflect current crypto status, so feel free to do so.

ed2k hash note ?

Why was my note about ed2k URL not using MD4 deleted ? The pages now convey the wrong information, that the hash in the ed2k link is MD4, when in reality it is not.

--Xerces8 11:36, 5 Jan 2007 (CET)

Maybe because it is, indeed, a MD4 hash. Kry 00:47, 6 Jan 2007 (CET)

It is not:

G:\transfer>fsum -md5 -md4 -edonkey ubuntu-6.06-desktop-i386.iso

SlavaSoft Optimizing Checksum Utility - fsum 2.51
Implemented using SlavaSoft QuickHash Library <>
Copyright (C) SlavaSoft Inc. 1999-2004. All rights reserved.

; SlavaSoft Optimizing Checksum Utility - fsum 2.51 <>
; Generated on 01/07/07 at 11:41:58
e2e5e0bfb2edffd2ce02dd77bda4558e *ubuntu-6.06-desktop-i386.iso
5a61aa2923b4e89cf4ebe309a62cdae9 ?MD4*ubuntu-6.06-desktop-i386.iso
fb73a6dbaefdfb7969ffd8ce8e4fc6e3 ?EDONKEY*ubuntu-6.06-desktop-i386.iso

(the first value is MD5) 

The file can be downloaded here

eMule v0.47c also calculates FB73A6DBAEFDFB7969FFD8CE8E4FC6E3 as checksum. The complete URL is ed2k://|file|ubuntu-6.06-desktop-i386.iso|731744256|FB73A6DBAEFDFB7969FFD8CE8E4FC6E3|h=OMTFMXTZR5MC4FVWCFXNGXIOTMJHK2HT|/

So either it is really not MD4 or aMule is not compatible with eMule and Edonkey in general, which I doubt.

--Xerces8 11:58, 7 Jan 2007 (CET)


Kry 12:31, 7 Jan 2007 (CET)

I've written some code to do ed2k hash calculation in PHP:

	function ed2kHash_file ($name)
		# Calculates eDonkey2000 hash for any given file
		# By: Tom Higginson
		# Date: 9th January 2008
		# License: Public domain
		$chunkSize = 9728000;
		$md4str = '';
		if (!file_exists($name))
			return false;
		if (filesize($name) <= $chunkSize)
			return hash_file('md4', $name);
			$fH = fopen($name, 'r');
			while (!feof($fH))
				$chunk = fread($fH, $chunkSize);
				$md4str .= hash('md4', $chunk);
			fclose ($fH);
			return hash('md4', $md4str);

Hope it's useful to someone. -- 01:53, 10 January 2008 (CET)