MD5 is one of the most widely used cryptographic hash functions nowadays. It was designed in 1992 as an improvement of MD4, and its security was widely studied since then by several authors. The best known result so far was a semi free-start collision, in which the initialvalue of the hash function is replaced by a non-standard value, which is the result of the attack. In this paper we present a new powerful attack on MD5 which allows us to find collisions efficiently. We used this attack to find collisions of MD5 in about 15 minutes up to an hour computation time. The attack is a differential attack, which unlike most differential attacks, does not use the exclusive-or as a measure of difference, but instead uses modular integer subtraction as the measure. We call this kind of differential a modular differential. An application of this attack to MD4 can find a collision in less than a fraction of a second. This attack is also applicable to other hash functions, such as RIPEMD and HAVAL.

给出了一种Hash函数HAVAL-128的有效攻击方法. HAVAL是由zheng等人在Auscrypto'92提出的，它的轮数可以是3、4或5，输出长度为128、160、192或224比特的杂凑值本文攻击的是具有128比特杂凑值的HAVAL算法本文的主要结论是，任给一个1024比特长的消息m，只要对m做一些适当的修改，修改后的消息m就会和另外一个消息m'以2-7的概率发生碰撞，其中m'=m+△m，△m是事先选定的一个固定的明文差分另外，本文还给出了两个碰撞的实例.

In this paper, we present new collision search attacks on the hash function SHA-1. We show that collisions of SHA-1 can be found with complexity less than 269 hash operations. This is the first attack on the full 80-step SHA-1 with complexity less than the 280 theoretical bound.

In this paper, we use the a 12-round differential (5-16 rounds) to analyze the reduced Skipjack variants starting from the first round. The analysis result is that, breaking 1-21 rounds Skipjack variant needs about 217 chosen plaintexts and 264 encryptions, breaking 1-24 variant needs about 246 chosen plaintexts and 272 encryptions, and 1-26 variants needs about 246 chosen plaintexts and 260 encryptions.