Volume 6, Issue 2
ABSTRACT

The MD5 algorithm is a widely used hash function producing a 128-bit hash value. Although MD5 was initially designed to be used as a cryptographic hash function, it has been found to suffer from extensive vulnerabilities. It can still be used as a checksum to verify data integrity, but only against unintentional corruption. Like most hash functions, MD5 is neither encryption nor encoding. It can be reversed by brute-force attack and suffers from extensive vulnerabilities as detailed in the security section below. This security threat can be overcome through the proposed method of enhancing MD5 security by using encryption before hashing.

Index Terms—MD5, Cryptography, Cryptanalysis, Cipher text, RFC, Dual encryption, RSA, Message digest, HMAC-MD5, X.509, MD5CRK, SHA-1, RIPEMD-160.

INTRODUCTION

MD5 is one in a series of message digest algorithms designed by Professor Ronald Rivest of MIT (Rivest, 1992). When analytic work indicated that MD5's predecessor MD4 was likely to be insecure, Rivest designed MD5 in 1991 as a secure replacement. (Hans Dobbertin did indeed later find weaknesses in MD4.) In 1993, Den Boer and Bosselaers gave an early, although limited, result of finding a "pseudo-collision" of the MD5 compression function; that is, two different initialization vectors that produce an identical digest.

In 1996, Dobbertin announced a collision of the compression function of MD5 (Dobbertin, 1996). While this was not an attack on the full MD5 hash function, it was close enough for cryptographers to recommend switching to a replacement, such as SHA-1 or RIPEMD-160.

The size of the hash value (128 bits) is small enough to contemplate a birthday attack.
www.ijrfe.co.in Page 1
International Journal of Research Fellow for Engineering
MD5CRK was a distributed project started in March 2004 with the aim of demonstrating that MD5 is practically insecure by finding a collision using a birthday attack. MD5CRK ended shortly after 17 August 2004, when collisions for the full MD5 were announced by Xiaoyun Wang, Dengguo Feng, Xuejia Lai, and Hongbo Yu.[4][5] Their analytical attack was reported to take only one hour on an IBM p690 cluster.[6]

On 1 March 2005, Arjen Lenstra, Xiaoyun Wang, and Benne de Weger demonstrated construction of two X.509 certificates with different public keys and the same MD5 hash value, a demonstrably practical collision.[7] The construction included private keys for both public keys. A few days later, Vlastimil Klima described an improved algorithm, able to construct MD5 collisions in a few hours on a single notebook computer.[8] On 18 March 2006, Klima published an algorithm that could find a collision within one minute on a single notebook computer, using a method he calls tunnelling.[9]

Various MD5-related RFC errata have been published. In 2009, the United States Cyber Command used an MD5 hash value of their mission statement as a part of their official emblem.[10] On 24 December 2010, Tao Xie and Dengguo Feng announced the first published single-block (512-bit) MD5 collision.[11] (Previous collision discoveries had relied on multi-block attacks.) For "security reasons", Xie and Feng did not disclose the new attack method. They issued a challenge to the cryptographic community, offering a US$10,000 reward to the first finder of a different 64-byte collision before 1 January 2013. Marc Stevens responded to the challenge and published colliding single-block messages as well as the construction algorithm and sources.[12]

2. LITERATURE REVIEW

MD5 digests have been widely used in the software world to provide some assurance that a transferred file has arrived intact. For example, file servers often provide a pre-computed MD5 (known as md5sum) checksum for the files, so that a user can compare the checksum of the downloaded file to it. Most Unix-based operating systems include MD5 sum utilities in their distribution packages; Windows users may use the included PowerShell function "Get-FileHash", install a Microsoft utility,[42][43] or use third-party applications. Android ROMs also use this type of checksum
(Z))
H(X, Y, Z) = X xor Y xor Z
I(X, Y, Z) = Y xor (X or not (Z))

2.2. PROCESSING THE BLOCK

The contents of the four buffers (A, B, C and D) are now mixed with the words of the input, using the four auxiliary functions (F, G, H and I). There are four rounds, each

After all rounds have been performed, the buffers A, B, C and D contain the MD5 digest of the original input. MD5 processes a variable-length message into a fixed-length output of 128 bits. The input message is broken up into chunks of 512-bit blocks (sixteen 32-bit words); the message is padded so that its length is divisible by 512. The padding works as follows: first a single bit, 1, is appended to the end of the message. This is followed by as many zeros as are required to bring the length of the message up to 64 bits fewer than a multiple of 512. The remaining bits are filled up with 64 bits representing the length of the original message, modulo 2^64.

The main MD5 algorithm operates on a 128-bit state, divided into four 32-bit words, denoted A, B, C, and D. These are initialized to certain fixed constants. The main algorithm then uses each 512-bit message block in turn to modify the state. The processing of a message block consists of four similar stages, termed rounds; each round is composed of 16 similar operations based on a non-linear function F, modular addition, and left rotation. Figure 1 illustrates one operation within a round. There are four possible functions F; a different one is used in each round:

Security issues

(complexity 2^39).[17] The ability to find collisions has been greatly aided by the use of off-the-shelf GPUs. On an NVIDIA GeForce 8400GS graphics processor, 16–18 million hashes per second can be computed. An NVIDIA GeForce 8800 Ultra can calculate more than 200 million hashes per second. These hash and collision attacks have been demonstrated in public in various situations, including colliding document files and digital certificates. As of 2015, MD5 was demonstrated to be still quite widely used, most notably by security research and antivirus companies.

3. PROPOSED METHOD

As we can see, there are various security threats when using MD5 hashing: anyone can break the security of the MD5 hashing algorithm using various attack methods and gain access to our confidential data.
if ((str.Substring(ii, 1) == "a")) {
{ encrypted = encrypted + C;
encrypted = encrypted + a; }
{ encrypted = encrypted + d;
encrypted = encrypted + A; }
{ encrypted = encrypted + D;
encrypted = encrypted + b; }
{ encrypted = encrypted + e;
encrypted = encrypted + B; }
{ encrypted = encrypted + E;
encrypted = encrypted + c; }
{ encrypted = encrypted + H;
encrypted = encrypted + f; }
{ encrypted = encrypted + i;
encrypted = encrypted + F; }
{ encrypted = encrypted + I;
encrypted = encrypted + g; }
{ encrypted = encrypted + j;
encrypted = encrypted + G; }
{ encrypted = encrypted + J;
encrypted = encrypted + h; }
encrypted = encrypted + k; }
{ encrypted = encrypted + n;
encrypted = encrypted + K; }
{ encrypted = encrypted + N;
encrypted = encrypted + l; }
{ encrypted = encrypted + o;
encrypted = encrypted + L; }
{ encrypted = encrypted + O;
encrypted = encrypted + m; }
{ encrypted = encrypted + p;
encrypted = encrypted + M; }
{ encrypted = encrypted + s;
encrypted = encrypted + P; }
{ encrypted = encrypted + R;
encrypted = encrypted + q; }
{ encrypted = encrypted + t;
encrypted = encrypted + Q; }
{ encrypted = encrypted + T;
encrypted = encrypted + r; }
{ encrypted = encrypted + u;
encrypted = encrypted + R; }
encrypted = encrypted + U; }
{ encrypted = encrypted + X;
encrypted = encrypted + v; }
{ encrypted = encrypted + y;
encrypted = encrypted + V; }
{ encrypted = encrypted + Y;
encrypted = encrypted + w; }
{ encrypted = encrypted + z;
encrypted = encrypted + W; }
{ encrypted = encrypted + Z;
encrypted = encrypted + x; }
} else
    int addedvalue = 0;
    for (int c = 0; c < (64 - encrypted.Length) - 2; c++)
        encrypted = encrypted + '*';
    addedvalue = count;
    end
    encrypted = encrypted + addedvalue;
    end
    end for loop

Step 2: Now calculate the MD5 hash for this encrypted input data.

Now we will get the MD5 hash value of the encrypted input data.

Let's take the following example:

Step 1: Encrypt the input string '12' by using the proposed algorithm.

I. In the 1st loop the proposed algorithm will convert the first character of the input string, '1', to '10'.
II. Now in the same loop the next if condition will be satisfied and the inner loop will add '*' and the added value to the encrypted string and will make it -
10******************************2923
IV. Now in the same loop the next if condition will be satisfied and the inner loop will add '*' and the added value to the encrypted string and will make it -
10******************************2923*************12
'847d1ad3be63077192a2e22d9603ac21'
VI. This final hash value can be used to authenticate the data by comparing it with the string which is generated by encrypting the transmitted data with the same proposed algorithm followed by hash value generation.

The above example can be described by

[Figure: block diagram. Labels: Sender; Plain Text; Proposed Algorithm; Encrypted Text; MD5; Hash Value; Attacker; Receiver; Received Hash Value; Calculated Hash Value; (Not Matched).]
REFERENCES

1) R. Rivest, “The MD5 Message-Digest Algorithm,” RFC 1321, Apr. 1992.