| | Lengthy, a bit hard to understand for a novice to anything related to encryption (myself), but I thought it was a bloody good read. Good job. |
|
 |
| yeah...md5 can be a bit complicated...not so much for the algorithm (which imho is relatively simple) but just because of the large number of steps...and now i just realized something is wrong with my description...
for everyone wondering what the T[] array is, it is an array of length 64, where T[i] is equal to 4294967296 times abs(sin(i)), where i is in radians...that should clear that up (these values are actually hardcoded into the md5 algo in the code).
Also, if the algorithm still seems confusing, the code might make more sense. that code can be found at: http://xbox.lenaxia.net/paranoia/MD5Class.zip although if the admins would be so kind it might someday be hosted here |
|
 |
| | Ah thanks paranoia, greatly appreciated ;) |
|
 |
| | i'll host the code when i get onto a damn connection which allows me to ssh. or some other friendly admin could of course ;-) in fact, i'll organise cvs code access for you so you can simply add files! |
|
 |
| Damn good read.
I've often wondered how MD5 worked. I had a hard time following it though. What step is it that makes it undecipherable? Why can't you just do the steps backwards? |
|
 |
| the big long ugly step makes it undecipherable...mostly because it isn't a cipher.
you don't actually hide the message anywhere, you just use the message bits as one of several parameters to the multiple state variable hashing functions
(technically you could do the steps backwards, but that would require knowing the message text, making the whole process sorta pointless) |
|
 |
| great article. good introduction to hashing for me..
but how are md5's cracked? |
|
 |
| | since there is no known way to reverse the md5 hash, the only way to obtain the original text is by finding the md5 digests of potential solutions and comparing those to the known digest (i.e: search until you find a text such that md5(text)="known digest") |
|
 |
| | Where did you get QH/QuickHash.h from, and what does "using namespace QuickHash;" do? |
|
 |
| | QuickHash is a md5 hash library that i got when i searched on google. QH/ is the directory i put it in. QuickHash is the namespace used by the library (so i don't have to type 'QuickHash::' in front of every function name) |
|
 |
| the 9th and 10th character in the sample output are backwards(EF vs FE)
ps. I like your use of the term goober |
|
 |
| | i don't know what you're talking about niki...it looks fine to me...just kidding...i fixed it...nice catch. and thank you for noticing my extensive use of some very technical vocabulary |
|
 |
| | since md5 can be optimized to be quite fast, wouldn't it be practical to md5 a string array and when searching, md5 the search string, and compare it to the hashes in the array? |
|
 |
| | I think it's important to add to the article that MD5 is becoming increasingly insecure because it's prone to collisions and should be replaced with SHA-1 when you next get the chance. Other than that, great article :) |
|
 |
| | how would i make the "bit-wise rotation" in C? |
|
 |
| | In c/c++ at least, << and >> are shift left and right, but i think some compilers support <<< and >>> as rotate left and right. I couldn't find any references to >>> and <<< on the web just now but i'm sure i've used them in that way! |
|
 |
| That would be nice if you could remember the compiler that supports those <<< >>> operators.
Because I never managed to make the code in the above article work. |
|
 |
| | I recommend "Applied cryptography" by Bruce Schneier 4 anyone interested in cryptography.. Damn good book.. |
|
 |
| Nice, basic intro.
<Shameless plug>
Check out this URL also if you'd like an additional, slightly more descriptive article on MD5 (portable C++ code) - which isn't really that mysterious!
<http://www.codeguru.com/Cpp/Cpp/algorithms/general/article.php/c7399>
</shameless plug>
|
|
 |
| | better still wrap it in bbcode for that nice clickability |
|
 |
| i just realized that the hosting for that MD5 class got toasted, so i put a similar (slightly changed) version in my OSIDrive. and yes, the example usage code i wrote does contain a function that takes an old c-style string as a parameter and returns a new string form, making me totally inconsistent. but it's just an example, the other code should be more awesome.
http://www.osix.net/modules/folder/index.php?tid=7559&action=vf |
|
 |
| MD5 attacked.. collision attacks have been successful in MD5.. 90 mins or so.
DO NOT USE THIS FOR YOUR HASHING NEEDS. Go for SHA-160 (256 recommended) |
|
 |
| | My understanding of the collision attack is that everyone's overreacting, and that it can only be used where you can alter the original message to add 'garbage', and it's not a big deal for 'normal' messages, especially things like <20 char passwords. Isn't this the case? |
|
 |
| | Yes.. the applications and protocols currently using MD5 remain fairly secure.... but why walk on a wet swamp when a clean path is available. |
|
 |
| | Excellent read. I've been trying to write my own MD5 function in VB6 for a while (don't laugh) and this has really taken it down into something I can *almost* understand. |
|
 |
| Kevin Dawson (kevin@ezrs.com)
------------------------------------------------
Well, there is no rotate left (<<<) operator in my compiler. so i defined my own MACRO to implement it. it's like:
#define ROTATE_LEFT(x, n) ( ( x << n ) | ( x >> pow(2, (sizeof(x)) - n ) )
What we basically are doing is shift the bits of x by n places. due to this however, the result loses the first n bits (MSBs) of x and the last n bits (LSBs) are just 0s. What we need to do is replace these last n 0s in the result with the first n bits of x. So, we also right shift x to move the first n bits into the right MSB position. Then we do a bitwise OR of the two shifted results. e.g.
0011 0101 << 3 = 1010 1000
0011 0101 >> 5 = 0000 0001 [because 8-3=5]
---------------------------
Logical OR = 1010 1001
---------------------------
See, the result is equal to
0011 0101 <<< 3 = 1010 1001
Note: pow() is a library function used to calculate number of bits in x. pow() requires you to #include <math> |
|
 |
| Kevin Dawson (kevin@ezrs.com)
------------------------------------------------
PS: It's better to replace x and n with (x) and (n) while defining the macro. It's a good practice.
#define ROTATE_LEFT(x, n) ( ( (x) << (n) ) | ( (x) >> pow(2, (sizeof(x)) - (n) ) ) |
|
 |
| I want to correct something here. We don't need to use pow here at all. What we need is to replace pow(2, sizeof(x)) with 8*sizeof(x).
So the macro becomes:
#define ROTATE_LEFT(x, n) ( ( (x) << (n) ) | ( (x) >> 8*sizeof(x) - (n) ) )
I beg your pardon for the mistake. |
|
 |
| How can I get the Binary Code for a Hex number
and how to know what long (encrypt) is it
|
|
 |
| Kevin,
If x is signed and negative, the right shift will drag ones into the space where you're ORing the left shifted data. You will not get what you're expecting.
- Mike <http://pnmx.com/> |
|
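A rotate-left that takes the signed right-shift point above into account, as an added example that is not code from the article or from any commenter. The function names rotl32, rotl8 and rotl32_signed_pitfall are made up here, and the sample values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Rotate a 32-bit word left by n bits (MD5 operates on 32-bit words).
 * - uint32_t is unsigned, so >> always shifts in zeros, never sign bits.
 * - n is masked to 0..31, and (32 - n) & 31 keeps the right-shift count
 *   below the word width even when n == 0 (shifting by 32 is undefined). */
static uint32_t rotl32(uint32_t x, unsigned n)
{
    n &= 31u;
    return (x << n) | (x >> ((32u - n) & 31u));
}

/* 8-bit variant, to reproduce the 0011 0101 <<< 3 example from the thread.
 * The operands are widened to unsigned first, then truncated back to 8 bits. */
static uint8_t rotl8(uint8_t x, unsigned n)
{
    n &= 7u;
    return (uint8_t)(((unsigned)x << n) | ((unsigned)x >> ((8u - n) & 7u)));
}

/* The failure mode: the right shift is done on a signed type. Right-shifting
 * a negative value is implementation-defined; compilers that use an
 * arithmetic shift (the common case) copy the sign bit into the vacated
 * positions, and those ones corrupt the OR. Valid for n in 1..31 only. */
static uint32_t rotl32_signed_pitfall(int32_t x, unsigned n)
{
    return ((uint32_t)x << n) | (uint32_t)(x >> (32 - n));
}

int main(void)
{
    uint32_t u = 0x80000001u;      /* constructed sample: top bit set */
    int32_t  s = (int32_t)u;       /* same bit pattern, negative value */

    printf("rotl8(0x35, 3)            = 0x%02X\n", (unsigned)rotl8(0x35, 3));
    printf("rotl32(0x80000001, 4)     = 0x%08X\n", (unsigned)rotl32(u, 4));
    printf("signed pitfall, same bits = 0x%08X\n",
           (unsigned)rotl32_signed_pitfall(s, 4));
    printf("rotl32(x, 0)              = 0x%08X\n", (unsigned)rotl32(u, 0));
    return 0;
}
```
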