International Journal of Research Fellow for Engineering

Volume 6, Issue 2

A NEW APPROACH IN ENHANCE SECURITY OF MD5 HASH USING

PRE ENCRYPTION
#1
Mr.Sheo Kumar,
#1
Associate Professor (CSE), IIMT College of Engineering Greater Noida, U.P, India.
#1
a@gmail.com

ABSTRACT INTRODUCTION

The MD5 algorithm is a widely used hash
function producing a 128-bit hash value.
Although MD5 was initially designed to be
used as a cryptographic hash function, it has
been found to suffer from extensive
vulnerabilities. It can still be used as a
checksum to verify data integrity, but only
against unintentional corruption. Like most
hash functions, MD5 is neither encryption
nor encoding. It can be reversed by brute-
force attack and suffers from extensive
vulnerabilities as detailed in the security
section below. So this security thread can be
overcome threw proposed method
enhancing MD5 security by using
encryption before hashing.
Index Terms—MD5, Cryptography,
Cryptanalysis, Cipher text, RFC, Dual
encryption, RSA, Message digest, HMAC-
MD5, X.509, MD5CRK, SHA-1, RIPEMD-
160.
MD5 is one in a series of message digest
algorithms designed by Professor Ronald
Rivest of MIT (Rivest, 1992). When analytic
work indicated that MD5's predecessor MD4
was likely to be insecure, Rivest designed
MD5 in 1991 as a secure replacement. (Hans
Dobbertin did indeed later find weaknesses
in MD4.)In 1993, Den Boer and Bosselaers
gave an early, although limited, result of
finding a "pseudo-collision" of the MD5
compression function; that is, two different
initialization vectors that produce an
identical digest.
of
In 1996, Dobbertin announced a collision of
the compression function of MD5
(Dobbertin, 1996). While this was not an
attack on the full MD5 hash function, it was
close enough for cryptographers to
recommend switching to a replacement,
such as SHA-1 or RIPEMD-160.
The size of the hash value (128 bits) is small
enough to contemplate a birthday attack.

www.ijrfe.co.in Page 1

MD5CRK was a distributed project started
in March 2004 with the aim
demonstrating that MD5 is practically
insecure by finding a collision using a
birthday attack. MD5CRK ended shortly
after 17 August 2004, when collisions for
the full MD5 were announced by Xiaoyun
Wang, Dengguo Feng, Xuejia Lai, and
Hongbo Yu.[4][5] Their analytical attack was
reported to take only one hour on an IBM
p690 cluster.[6]
On 1 March 2005, Arjen Lenstra, Xiaoyun
Wang, and Benne de Weger demonstrated
construction of two X.509 certificates with
different public keys and the same MD5
hash value, a demonstrably practical
collision.[7] The construction included
private keys for both public keys. A few
days later, Vlastimil Klima described an
improved algorithm, able to construct MD5
collisions in a few hours on a single
notebook computer.[8] On 18 March 2006,
Klima published an algorithm that could
find a collision within one minute on a
single notebook computer, using a method
he calls tunnelling.[9]
Various MD5-related RFC errata have been
published. In 2009, the United States Cyber
Command used an MD5 hash value of their
mission statement as a part of their official
www.ijrfe.co.in
International Journal of Research Fellow for Engineering
Volume 6, Issue 2
emblem.[10] On 24 December 2010, Tao Xie
of and Dengguo Feng announced the first
published single-block (512-bit) MD5
[11]
collision. (Previous collision discoveries
had relied on multi-block attacks.) For
"security reasons", Xie and Feng did not
disclose the new attack method. They issued
a challenge to the cryptographic community,
offering a US$10,000 reward to the first
finder of a different 64-byte collision before
1 January 2013. Marc Stevens responded to
the challenge and published colliding single-
block messages as well as the construction
algorithm and sources.[12]
2. LITERATURE REVIEW
MD5 digests have been widely used in the
software world to provide some assurance
that a transferred file has arrived intact. For
example, file servers often provide a pre-
computed MD5 (known as md5sum)
checksum for the files, so that a user can
compare the checksum of the downloaded
file to it. Most Unix-based operating
systems include MD5 sum utilities in their
distribution packages; Windows users may
use the included Power Shell function "Get-
File Hash", install a Microsoft utility,[42][43]
or use third-party applications. Android
ROMs also use this type of checksum
Page 2

Figure 1.1
As it is easy to generate MD5 collisions, it is
possible for the person who created the file
to create a second file with the same
checksum, so this technique cannot protect
against some forms of malicious tampering.
In some cases, the checksum cannot be
trusted (for example, if it was obtained over
the same channel as the downloaded file), in
which case MD5 can only provide error-
checking functionality: it will recognize a
corrupt or incomplete download, which
becomes more likely when downloading
larger files. MD5 can be used to store a one-
way hash of a password, often with key
[44][45]
stretching. Along with other
functions, it is also used in the field of
electronic discovery, in order to provide a
unique identifier for each document that is
exchanged during the legal discovery
process. This method can be used to replace
www.ijrfe.co.in
International Journal of Research Fellow for Engineering
Volume 6, Issue 2
the Bates stamp numbering system that has
been used for decades during the exchange
of paper documents.
A. How MD5 works
2.1 PREPARIG THE INPUT
The MD5 algorithm first divides the input in
blocks of 512 bits each. 64 Bits are inserted
at the end of the last block. These 64 bits are
used to record the length of the original
input. If the last block is less than 512 bits,
some extra bits are 'padded' to the end.
Next, each block is divided into 16 words
of 32 bits each. These are denoted as M 0 ...
M15.
2.2 MD5 HELPER FUNCTIONs
 The buffer
MD5 uses a buffer that is made up of four
words that are each 32 bits long. These
words are called A, B, C and D. They are
initialized as
hash
Word A: 01 23 45 67
Word B: 89 ab cd ef
Word C: fe dc ba 98
Word D: 76 54 32 10
Page 3
 International Journal of Research Fellow for Engineering
Volume 6, Issue 2

 The table involves 16 basic operations. One operation

is illustrated in the figure below.
MD5 further uses a table K that has 64
elements. Element number i is indicated as
Ki. The table is computed beforehand to
speed up the computations. The elements are
computed using the mathematical sin
function:

Ki = abs (sin (i + 1)) * 232

 Four auxiliary functions

In addition MD5 uses four auxiliary

functions that each take as input three 32-bit
The figure 1.2 shows how the auxiliary
words and produce as output one 32-bit
function F is applied to the four buffers (A,
word. They apply the logical operators and,
B, C and D), using message word Mi and
or, not and xor to the input bits.
constant Ki. The item "<<<s" denotes a
F(X, Y, Z) = (X and Y) or (not(X) and binary left shift by s bits.
Z)
G(X, Y, Z) = (X and Z) or (Y and not  The output

(Z))
After all rounds have been performed, the
H(X, Y, Z) = X xor Y xor Z
buffers A, B, C and D contain the MD5
I(X, Y, Z) = Y xor (X or not (Z))
digest of the original input. MD5 processes a
variable-length message into a fixed-length
2.2. PROCESSING THE BLOCK
output of 128 bits. The input message is

The contents of the four buffers (A, B, C broken up into chunks of 512-bit blocks

and D) are now mixed with the words of the (sixteen 32-bit words); the message is

input, using the four auxiliary functions (F, padded so that its length is divisible by 512.

G, H and I). There are four rounds, each The padding works as follows: first a single
bit, 1, is appended to the end of the message.

www.ijrfe.co.in Page 4

This is followed by as many zeros as are
required to bring the length of the message
up to 64 bits fewer than a multiple of 512.
The remaining bits are filled up with 64 bits
representing the length of the original
message, modulo 264.The main MD5
algorithm operates on a 128-bit state,
divided into four 32-bit words, denoted A, B,
C, and D. These are initialized to certain
fixed constants. The main algorithm then
uses each 512-bit message block in turn to
modify the state. The processing of a
message block consists of four similar
stages, termed rounds; each round is
composed of 16 similar operations based on
a non-linear function F, modular addition,
and left rotation. Figure 1 illustrates one
operation within a round. There are four
possible functions F; a different one is used
in each round:
 Security issues
The security of the MD5 hash function is
severely compromised. A collision attack
exists that can find collisions within seconds
on a computer with a 2.6 GHz Pentium 4
processor (complexity of 224.1).[16] Further,
there is also a chosen-prefix collision attack
that can produce a collision for two inputs
with specified prefixes within hours, using
off the shelf computing hardware
www.ijrfe.co.in
International Journal of Research Fellow for Engineering
Volume 6, Issue 2
(complexity 239).[17] The ability to find
collisions has been greatly aided by the use
of off-the-shelf GPUs. On an NVIDIA
GeForce 8400GS graphics processor, 16–18
million hashes per second can be computed.
An NVIDIA GeForce 8800 Ultra can
calculate more than 200 million hashes per
second. These hash and collision attacks
have been demonstrated in the public in
various situations, including colliding
document files and digital certificates. As of
2015, MD5 was demonstrated to be still
quite widely used, most notably by security
research and antivirus companies.
3. PROPOSED METHOD
So as we can see that there are various
security threads using MD5 hashing and any
one can break the security of MD5 hashing
algorithm using various attacking methods
and can get access to our confidential data.
So here is the proposed method to enhance
the security of MD5 in which, we can
encrypt the input data of MD5 before
generation of hash value and when any
attacker make attack on hash code and try to
decrypt it, then he will find only encrypted
data only but not the original data for which
hash code was created using MD5.
Page 5
 International Journal of Research Fellow for Engineering
Volume 6, Issue 2

This method will work as follow: string q = "qr", Q = "QR";

Step 1: Encrypt the input data before string r = "rq", R = "RQ";

sending to MD5 algorithm by using string s = "st", S = "ST";

following algorithm
string t = "ts", T = "TS";
String str; //this is input data
string u = "uv", U = "UV";
string a = "ab", A = "AB";
string v = "vu", V = "VU";
string b = "ab", B = "AB";
string w = "wx", W = "WX";
string c = "cd", C = "CD";
string x = "xw", X = "XW";
string d = "dc", D = "DC";
string y = "yz", Y = "YZ";
string e = "ef", E = "EF";
string z = "zy", Z = "ZY";
string f = "fe", F = "FE";
string num0 = "01";
string g = "gh", G = "GH";
string num1 = "10";
string h = "hg", H = "HG";
string num2 = "23";
string i = "ij", I = "IJ";
string num3 = "32";
string j = "ji", J = "JI";
string num4 = "45";
string k = "kl", K = "KL";
string num5 = "54";
string l = "lk", L = "LK";
string num6 = "67";
string m = "mn", M = "MN";
string num7 = "76";
string n = "nm", N = "NM";
string num8 = "89";
string o = "op", O = "OP";
string num9 = "98";
string p = "po", P = "PO";
String encrypted = "";

www.ijrfe.co.in Page 6
 International Journal of Research Fellow for Engineering
Volume 6, Issue 2

for (int ii = 0; ii < str.Length; ii++) }

start else if (str.Substring(ii, 1) == "C")

if ((str.Substring(ii, 1) == "a")) {

{ encrypted = encrypted + C;

encrypted = encrypted + a; }

} else if (str.Substring(ii, 1) == "d")

else if (str.Substring(ii, 1) == "A") {

{ encrypted = encrypted + d;

encrypted = encrypted + A; }

} else if (str.Substring(ii, 1) == "D")

else if (str.Substring(ii, 1) == "b") {

{ encrypted = encrypted + D;

encrypted = encrypted + b; }

} else if (str.Substring(ii, 1) == "e")

else if (str.Substring(ii, 1) == "B") {

{ encrypted = encrypted + e;

encrypted = encrypted + B; }

} else if (str.Substring(ii, 1) == "E")

else if (str.Substring(ii, 1) == "c") {

{ encrypted = encrypted + E;

encrypted = encrypted + c; }

www.ijrfe.co.in Page 7
 International Journal of Research Fellow for Engineering
Volume 6, Issue 2

else if (str.Substring(ii, 1) == "f") {

{ encrypted = encrypted + H;

encrypted = encrypted + f; }

} else if (str.Substring(ii, 1) == "i")

else if (str.Substring(ii, 1) == "F") {

{ encrypted = encrypted + i;

encrypted = encrypted + F; }

} else if (str.Substring(ii, 1) == "I")

else if (str.Substring(ii, 1) == "g") {

{ encrypted = encrypted + I;

encrypted = encrypted + g; }

} else if (str.Substring(ii, 1) == "j")

else if (str.Substring(ii, 1) == "G") {

{ encrypted = encrypted + j;

encrypted = encrypted + G; }

} else if (str.Substring(ii, 1) == "J")

else if (str.Substring(ii, 1) == "h") {

{ encrypted = encrypted + J;

encrypted = encrypted + h; }

} else if (str.Substring(ii, 1) == "k")

else if (str.Substring(ii, 1) == "H") {

www.ijrfe.co.in Page 8
 International Journal of Research Fellow for Engineering
Volume 6, Issue 2

encrypted = encrypted + k; }

} else if (str.Substring(ii, 1) == "n")

else if (str.Substring(ii, 1) == "K") {

{ encrypted = encrypted + n;

encrypted = encrypted + K; }

} else if (str.Substring(ii, 1) == "N")

else if (str.Substring(ii, 1) == "l") {

{ encrypted = encrypted + N;

encrypted = encrypted + l; }

} else if (str.Substring(ii, 1) == "o")

else if (str.Substring(ii, 1) == "L") {

{ encrypted = encrypted + o;

encrypted = encrypted + L; }

} else if (str.Substring(ii, 1) == "O")

else if (str.Substring(ii, 1) == "m") {

{ encrypted = encrypted + O;

encrypted = encrypted + m; }

} else if (str.Substring(ii, 1) == "p")

else if (str.Substring(ii, 1) == "M") {

{ encrypted = encrypted + p;

encrypted = encrypted + M; }

www.ijrfe.co.in Page 9
 International Journal of Research Fellow for Engineering
Volume 6, Issue 2

else if (str.Substring(ii, 1) == "P") {

{ encrypted = encrypted + s;

encrypted = encrypted + P; }

} else if (str.Substring(ii, 1) == "S")

else if (str.Substring(ii, 1) == "q") {

{ encrypted = encrypted + R;

encrypted = encrypted + q; }

} else if (str.Substring(ii, 1) == "t")

else if (str.Substring(ii, 1) == "Q") {

{ encrypted = encrypted + t;

encrypted = encrypted + Q; }

} else if (str.Substring(ii, 1) == "T")

else if (str.Substring(ii, 1) == "r") {

{ encrypted = encrypted + T;

encrypted = encrypted + r; }

} else if (str.Substring(ii, 1) == "u")

else if (str.Substring(ii, 1) == "R") {

{ encrypted = encrypted + u;

encrypted = encrypted + R; }

} else if (str.Substring(ii, 1) == "U")

else if (str.Substring(ii, 1) == "s") {

www.ijrfe.co.in Page 10
 International Journal of Research Fellow for Engineering
Volume 6, Issue 2

encrypted = encrypted + U; }

} else if (str.Substring(ii, 1) == "X")

else if (str.Substring(ii, 1) == "v") {

{ encrypted = encrypted + X;

encrypted = encrypted + v; }

} else if (str.Substring(ii, 1) == "y")

else if (str.Substring(ii, 1) == "V") {

{ encrypted = encrypted + y;

encrypted = encrypted + V; }

} else if (str.Substring(ii, 1) == "Y")

else if (str.Substring(ii, 1) == "w") {

{ encrypted = encrypted + Y;

encrypted = encrypted + w; }

} else if (str.Substring(ii, 1) == "z")

else if (str.Substring(ii, 1) == "W") {

{ encrypted = encrypted + z;

encrypted = encrypted + W; }

} else if (str.Substring(ii, 1) == "Z")

else if (str.Substring(ii, 1) == "x") {

{ encrypted = encrypted + Z;

encrypted = encrypted + x; }

www.ijrfe.co.in Page 11
 International Journal of Research Fellow for Engineering
Volume 6, Issue 2

else if (str.Substring(ii, 1) == "0") {

{ encrypted = encrypted + num5;

encrypted = encrypted + num0; }

} else if (str.Substring(ii, 1) == "6")

else if (str.Substring(ii, 1) == "1") {

{ encrypted = encrypted + num6;

encrypted = encrypted + num1; }

} else if (str.Substring (ii, 1) == "7")

else if (str.Substring (ii, 1) == "2") {

{ encrypted = encrypted + num7;

encrypted = encrypted + num2; }

} else if (str.Substring (ii, 1) == "8")

else if (str.Substring (ii, 1) == "3") {

{ encrypted = encrypted + num8;

encrypted = encrypted + num3; }

} else if (str.Substring(ii, 1) == "9")

else if (str.Substring (ii, 1) == "4") {

{ encrypted = encrypted + num9;

encrypted = encrypted + num4; }

} else

else if (str.Substring(ii, 1) == "5") {

www.ijrfe.co.in Page 12
 International Journal of Research Fellow for Engineering
Volume 6, Issue 2

encrypted = encrypted + ""; sBuilder.Append (data[i].To String ("x2"));

} **// this convert each digit to hexadecimal

If (encrypted. Length < 64) end

start return sBuilder.ToString ();

Int added value = 0; Now we will get the MD5 hash value of
encrypted input data.
for (int c = 0; c < (64 - encrypted. Length)
- 2; c++) Let's take the following example:

start string str="12"; (input data)

encrypted = encrypted + '*'; Step 1: encrypt the input string '12' by using
proposed algorithm
addedvalue = count;
I. In 1st loop the proposed algorithm
end
will convert first alphabet of input
encrypted = encrypted + addedvalue; string '1' to '10'.
II. Now in same loop the next if
end
condition will be satisfied and the
end for loop inner loop will add '*' and added
value to encrypted string and will
Step 2: Now calculate MD5 hash for this
make it -
encrypted input data

MD5 md5hash=MD5.Create (); byte[]data = 10****************************

md5hash.ComputeHash(Encoding.UTF8.Ge **29
tBytes (encrypted))
Where 29 is the final added value.
StringBuilder builder = new StringBuilder();
III. In 2nd loop the proposed algorithm
for (int i = 0; i < data.Length; i++) will convert second alphabet of input
string '2' to '23' and will upend the
start
previous out with 23.

www.ijrfe.co.in Page 13
 International Journal of Research Fellow for Engineering
Volume 6, Issue 2

10**************************** (Sender)
**2923
IV. Now in same loop the next if Plain Encrypte
d Text
condition will be satisfied and the MD5
Text
inner loop will add '*' and added
value to encrypted string and will Proposed Algorithm

make it -
10**************************** Hash Value
Attack
**2923*************12 er (Transmitted to

Where 12 is the final added value in Receiver)

this inner loop. 'Encrypted Text' only, but

V. Now MD5 hash is created for above not the original 'Plain Text'

encrypted output and each byte of

hash is converted to hexadecimal
using string builder. The final output
string will be as follow. ------------------------------------------------------
-----------------------

'847d1ad3be63077192a2e22d9603ac21' (Receiver)
Received Hash Value
VI. This final hash value can be used to
authenticate the data by comparing
(Not Matched)
the string which is generated by
Calculated Hash
encrypting the transmitted data with
Value
same proposed algorithm followed
by hash value generation. Plain Encrypte MD5
The above example can be described by Text d

block diagram as follow: Text

Proposed Algorithm

www.ijrfe.co.in Page 14
 International Journal of Research Fellow for Engineering
Volume 6, Issue 2

REFERENCES
------------------------------------------------------
--------------------- 1) R. Rivest, “The MD5 Message-Digest
Algorithm,” RFC 1321, Apr. 1992.

Received Hash Value 2) H. Dobbertin, A. Bosselaers and B.

Preneel, “RIPEMD-160: A Strengthened
(Matched)
Version of RIPEMD, Fast Software
Calculated Hash
Encryption,” LNCS 1039, pp. 71-92,
Value
Springer-Verlag, 1996.

Plain Encrypted MD5 3) W. Stallings, Cryptography and Network

Text Security, 2nd ed., Now York: Prentice-
Text
Hall, 1997.

Proposed Algorithm 4) S. Dominikus, “A hardware

Figure 2.1
4. CONCLUSION
5)
Here we can see that hash value can be
cracked by any attacker, so if we follow the 6)
above proposed method, then if the attacker
will be successful to crack the hash code
then it will be able to get only encrypted 7)
string but not the original data. Hence we
can enhance the security of MD5 using
above proposed method.
implementation of MD4-family hash
algorithms,” Proc. 9th Int. Conf. on
Electronics, Circuits and Systems, vol. 3,
pp. 1143-1146, 2002
.MD5 is faster than SHA-1.Journal Of
Omnifarious-Myth.
William Stalling7, Fourth Edition,
Cryptography and Network Security
(Various Hash Algorithms).
F. Chabaud, A. Joux. "Differential
Collisions in SHA-0". In Advances in
Cryptology CRYPTO'98, Santa Barbara,
A, Lecture Notes in Computer Science
1462. Springer-Verlag, NY, pp. 56–71,
1998.

www.ijrfe.co.in Page 15
 International Journal of Research Fellow for Engineering
Volume 6, Issue 2

8) NIST FIPS PUB 180-1. Oct. 2001.

9) NIST, "Secure Hash Standard (SHS)",

FIPS PUB 180-2, 2002.

10) K. Matusiewicz and J. Pieprzyk "Finding

good differential patterns for attacks on
SHA-1" eprint 2004 Available:
http://eprint. Iacr. Org/2004/364. Pdf.

11) F. Chabaud, A. Joux. "Differential

Collisions in SHA-0". In Advances in
Cryptology CRYPTO'98, Santa Barbara,
A, Lecture Notes in Computer Science
1462. Springer-Verlag, NY, pp. 56–71,
1998.

12) Rivest R L. The MD5 message digest

algorithm [EB/OL]

13) J. Black, M. Cochran, T. Highland: A

Study of the MD5 Attacks: Insights and
Improvements, March 3, 2006

14) M. E. Hellman, H. R. Amirazizi, "A

Cryptanalytic Time - Memory Trade-
Off," IEEE Transactions on Information
Theory, vol. 34-3, pp. 505-512, 198

www.ijrfe.co.in Page 16