

Akshay Sharma (08IT000366) Riddhi Surana (08IT000375) Swapnil Bhatnagar (08IT000379)

MD5 is always mentioned when the topic of cryptography is discussed.

Message-Digest algorithm 5, more commonly known as MD5, is a cryptographic hash function that produces a 128-bit hash value.
MD5 is used in many different security functions and is specified by the Internet Engineering Task Force (IETF). An MD5 hash is commonly expressed as a 32-digit hexadecimal number.

MD5 was created and developed by Prof. Ronald L. Rivest of MIT and is the third in this series of message digests. The other two algorithms were MD2 and MD4, and these are quite similar to MD5 in structure.

However, MD2 was preferred on 8-bit machines, while the two more recent algorithms (MD4 and MD5) were designed to work on 32-bit computers.

Rivest developed MD5 with a view to its wide use in digital signature applications. Digital signature programs compress large files using a safe method before encryption (using a password) under a public-key cryptosystem.

The term message digest here means a unique identifier, or fingerprint, of a file. Since any small change in the file changes its hash string, MD5 is most commonly used to check the integrity of files. The MD5 algorithm is designed to be quite fast on 32-bit machines. In addition, it does not require any large substitution tables, so the algorithm can be coded quite compactly. MD5 is somewhat slower than MD4, but is more securely and conservatively designed.

A brief History of MD5:

MD5 is an algorithm developed by Professor Ronald Rivest of MIT in the series of message-digest algorithms. When statistics and analysis indicated that its predecessor, MD4, was quite insecure and vulnerable, MD5 was designed in 1991 as a more secure and conservative replacement. In 1993, Den Boer and Bosselaers partially succeeded, finding that two different initialization vectors produce an identical digest.

In 1996, Dobbertin announced a collision of the compression function of the MD5 algorithm. This was not an attack on the whole MD5 function, but it was reason to start considering a better cryptographic replacement. On March 18th, 2006, Klima published an algorithm capable of finding collisions in MD5 on a single notebook computer, using a method known as tunnelling. In 2008, United States Cyber Command used an MD5 hash of their mission statement as a part of their official emblem.

On December 24th, 2010, Tao Xie and Dengguo Feng announced the first published single-block MD5 collision (two 64-byte messages with the same MD5 hash).

Previous collision discoveries relied on multi-block attacks. Xie and Feng, for some reason, did not disclose the new attack method. They challenged the cryptographic community with a $10,000 reward for whoever finds any other 64-byte collision method before January 1st, 2013.

Hash function
A hash function is any well-defined function which converts a large amount of data into a small data representation. The hash function returns a calculated value known as a hash value, hash code, hash sum, checksum or hash. Hash functions are most commonly used for searching data and for tasks like comparison, finding items in large databases, and detecting similar or duplicate records in large files. Hash functions are also used in hash tables to locate data quickly and to build caches for large data sets.

MD5 Hashes
The 128-bit (16-byte) MD5 hashes (also termed message digests) can be represented as a sequence of 32 hex digits. The following demonstrates a 43-byte ASCII input and the corresponding MD5 hash:

MD5 ("Sir Padampat Singhania University") = 3c6923b9e53a2612a2d583091151f3

Even a small change in the message will (with overwhelming probability) result in a mostly different hash, due to the avalanche effect. For example, adding a period to the end of the sentence:

MD5 ("Sir Padampat Singhania University.") = d07f692567e28abb2b9f947d91b1fc3

The hash of the zero-length string is:

MD5 ("") = d41d8cd98f00b204e9800998ecf8427e

Cryptography, or cryptology, is the practice and study of hiding information or data. Modern cryptography draws mainly on mathematics, computer science and electrical engineering. Cryptographic applications are mostly found in ATM cards, computer passwords and electronic commerce. The main use of encryption was to ensure the privacy of data or messages in communications, such as those of spies or diplomats. These days the field has made much progress with new techniques like message integrity checking, sender/receiver identity authentication, digital signatures, secure computation, etc.




The MD5 algorithm is an extension of the MD4 message-digest algorithm. Suppose that we are given a b-bit input message and want to find its message digest. Here, b is an arbitrary integer which may be zero or greater, but not negative. Let the bits of the input message be as follows:

m0 m1 m2 ... m(b-1)

The MD5 algorithm performs the following steps to compute the message digest of the given input message:

1. Padding the input message. The b-bit message is extended, or more specifically padded, so that its length in bits is congruent to 448 modulo 512, which is 64 bits fewer than a multiple of 512 bits. The padding is performed by appending a single 1 bit to the input message, and then 0 bits are appended until the length in bits of the padded message is congruent to 448 modulo 512.

2. Append 64-bit number. The length b of the input message is converted to a 64-bit representation and appended to the previous result. After this step, the resulting message (the padded bits plus b) has a length that is an exact multiple of 512 bits. Equivalently, its length is an exact multiple of 16 (32-bit) words. Let m[0 ... n-1] denote the words of the resulting message, where n is a multiple of 16.

3. Message-Digest Buffer is initialized. A 4-word buffer (A, B, C, D) is used to compute the message digest. Here, each of A, B, C, D is a 32-bit register. These registers are initialized to the following values in hexadecimal (low-order bytes first):

word A: 01 23 45 67
word B: 89 ab cd ef
word C: fe dc ba 98
word D: 76 54 32 10

4. Processing of each 16-word block. First, four functions are defined that each take three 32-bit words as input and produce one 32-bit word as output. They are as follows:

denote the XOR, OR, AND, and NOT operations respectively. Here, we will also use a 64-element table T [1 ... 64] constructed from the sine function. Let T[i] denote the i-th element of the table, which is equal to the integer part of 4294967296 times abs (sin (i)), where i is in radians.



MD5 Syntax
PHP Syntax for generating MD5 Hash

    $pwd = md5($pwd);

PHP Syntax for Login Form

Let's say $_POST["pass"] is the password they submit and $real_pass is the md5 from your database.

    // hash_equals() compares the two strings in constant time and avoids
    // the loose == operator, which can treat hash strings such as "0e..."
    // as numbers.
    if (hash_equals($real_pass, md5($_POST["pass"]))) {
        // Password correct
        // Set cookies, redirect, display page
    } else {
        // Password incorrect
        // Redirect, show Error
    }


Some file servers provide a pre-computed MD5 checksum (called an MD5sum) for their files, so that one can compare it with the checksum or hash string of the downloaded file.

Message digests are widely used in different software to provide some assurance that a transferred file has arrived intact.

MD5 can also be used to store passwords
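The login form above stores a bare MD5 digest. This added Python example (not part of the original slides) shows what that means when two accounts share a password, next to a salted, iterated record. PBKDF2-HMAC-SHA256, the record layout, the iteration count and all function names are choices made for this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this example; tune to your hardware

def md5_record(password: str) -> str:
    """What the login form stores: a bare, unsalted MD5 digest."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def kdf_record(password: str, iterations: int = ITERATIONS) -> str:
    """Salted, iterated record: PBKDF2-HMAC-SHA256 with a random 16-byte salt."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${key.hex()}"

def kdf_verify(password: str, record: str) -> bool:
    """Recompute the key from the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, key_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                  bytes.fromhex(salt_hex), int(iterations))
        return hmac.compare_digest(key, bytes.fromhex(key_hex))
    except ValueError:  # malformed record: wrong field count, bad hex, bad count
        return False

def shared_password_demo(password: str = "correct horse", iterations: int = 1000) -> dict:
    """Two constructed accounts that happen to choose the same password."""
    alice = kdf_record(password, iterations)
    bob = kdf_record(password, iterations)
    return {
        # Unsalted MD5 is deterministic: both accounts get the same stored value,
        # so one precomputed table entry reverses every account using it.
        "md5_records_equal": md5_record(password) == md5_record(password),
        # Random salts make the two stored records differ.
        "kdf_records_equal": alice == bob,
        "kdf_verifies": kdf_verify(password, alice) and kdf_verify(password, bob),
        "wrong_password_rejected": not kdf_verify(password + "x", alice),
    }

if __name__ == "__main__":
    print(shared_password_demo())
```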

How to use MD5 Hash to check the Integrity of Files?

Assume that we have a file called file.tar on our server. Before we download it, we generate an MD5 hash for this file on the server. For this purpose, we use the following shell command in UNIX:

md5sum file.tar

After hitting the ENTER key, we'll see the MD5 hash as below:

e4d909c290d0fb1ca068ffaddf22cbd0

This is the MD5 hash string for the file file.tar. After downloading this file onto the computer, we can cross check the integrity of the file by regenerating the MD5 hash string for the downloaded file. Now, if both the hash strings match, then this implies that the downloaded file is correct. Otherwise it means that the file is corrupt.
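The cross-check described above, as an added Python example that is not part of the original slides. It reads a published line in md5sum output format, hashes the downloaded file in chunks and compares the two; the function names and the sample file content are constructed for this example.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# md5sum prints: 32 hex digits, a space, ' ' (text) or '*' (binary), file name.
MD5SUM_LINE = re.compile(r"^([0-9a-fA-F]{32}) [ *](.+)$")

def parse_md5sum_line(line: str):
    """Return (digest, file name); reject anything that is not 32 hex digits."""
    match = MD5SUM_LINE.match(line.rstrip("\n"))
    if match is None:
        raise ValueError("not an md5sum line (need exactly 32 hex digits)")
    return match.group(1).lower(), match.group(2)

def file_md5(path, chunk_size: int = 1 << 20) -> str:
    """Hash the file in chunks so large downloads need not fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def verify_download(path, published_line: str) -> bool:
    """True when the local file's MD5 equals the published one."""
    expected, _name = parse_md5sum_line(published_line)
    return hmac.compare_digest(file_md5(path), expected)

def demo() -> dict:
    """Constructed sample: a stand-in 'file.tar' whose content is b'abc'."""
    published = "900150983cd24fb0d6963f7d28e17f72  file.tar"
    with tempfile.TemporaryDirectory() as tmp:
        target = Path(tmp) / "file.tar"
        target.write_bytes(b"abc")
        intact = verify_download(target, published)
        target.write_bytes(b"abd")  # one changed byte, as after a bad transfer
        corrupted = verify_download(target, published)
    return {"intact": intact, "corrupted": corrupted}

if __name__ == "__main__":
    print(demo())
```

The comparison detects accidental corruption; because collisions can be constructed for MD5, as the history above describes, a match does not by itself show that the file is the one the publisher intended.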

Why MD5 is still used widely?

MD5's exposure is well documented, yet it remains in widespread use. MD5 is used as a checksum hash function because it is very fast, collisions are very rare, and where a collision is possible it is not a big problem. MD5 is very quick to compute.

For undemanding tasks an MD5 hash is good enough. For example, if we download an e-book from a trusted mirror and want to check whether the downloaded file is correct, we can do so by generating its MD5 hash and then comparing it with the hash published for the file.

MD5 can be read easily as it is short. MD5 security can be improved by preserving it.

The MD5 algorithm is a widely used cryptographic hash function, often used for checking file integrity, saving passwords, generating hash values, etc. MD5 was developed with a view to providing more security than its predecessor, MD4. It is the third in its family of message digests. MD2 and MD4 were developed earlier, but MD2 was developed for 8-bit processors while MD4 was not used on a large scale due to its lack of security. MD4 and MD5, on the other hand, were developed for 32-bit processors, which are widely used in different sectors today.

The security of the MD5 hash function is somewhat compromised. A collision attack exists that can find collisions within seconds on a computer with a 2.6 GHz Pentium 4 processor. MD5 is used as a checksum hash function because it is very fast and collisions are very rare. It can be read easily as it is short and its security can be improved by preserving it. For this reason, MD5 is used widely in various fields.
