MD5 ALGORITHM

gmcdaniel

Presentation Transcript


  1. MD5 ALGORITHM past and present

  2. History • Initial checking of integrity – checksums, then CRC • These are only good at detecting lost information due to hardware or transmission errors

  3. History • The checksum has no real protection of data integrity • Easily circumvented or reverse-engineered

  4. Potential Attack • A wants to obtain privileges from B • A generates two messages with the same hash values • A presents an innocent message to B for his digital signature • A applies the signature to the other malicious message with the same hash

  5. Cryptography • The solution lay in one-way hashing algorithms • These should keep two messages from colliding (having the same hash) • They should also be sufficiently difficult to reverse-engineer

  6. Cryptography • MD5 represents the fifth iteration designed by Ronald Rivest (RSA) • Others from other authors include Whirlpool and SHA • MD5 is open-source and released under the GPL • MD5 is optimized for use on 32-bit computers

  7. MD5 Hashing • MD5("The quick brown fox jumps over the lazy dog") = 9e107d9d372bb6826bd81d3542a419d6 • MD5("The quick brown fox jumps over the lazy cog") = 1055d3e698d289f2af8663725127bd4b • MD5("") = d41d8cd98f00b204e9800998ecf8427e

  8. Modern Flaws • MD5 uses a short 128-bit hash • MD5 has become a popular hashing tool through PHP • PASSWORD HASHING • Rivest says his algorithm was never designed for this usage • Long messages that need an integrity check before encryption

  9. MD5 Flaws • Rainbow tables for passwords • COLLISIONS!

  10. MD5 Collisions • In 2004, Wang et al. delivered an algorithm that could produce collisions in a few hours on an IBM p690 cluster • The algorithm was improved by Lenstra et al. in 2005 to a few hours on a single laptop

  11. Final thoughts • A digest algorithm does not provide integrity if collisions are so simple to produce • SHA or Whirlpool should be considered until a replacement for MD5 can be found
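
The password-hashing problem from slides 8 and 9, as an added example that is not part of the original presentation: unsalted MD5 maps equal passwords to equal digests, so one precomputed table answers every account at once, while a per-account salt and a slow key-derivation function remove that shortcut. The wordlist, account names and function names are constructed for illustration, and PBKDF2-HMAC-SHA256 with 600,000 iterations is this example's choice of hardened scheme, not one the slides name.

```python
import hashlib
import hmac
import os

# Constructed wordlist standing in for a precomputed (rainbow-style) table.
COMMON_PASSWORDS = ["123456", "password", "letmein", "qwerty"]


def md5_hex(password: str) -> str:
    """Unsalted MD5 of a password: the storage scheme slides 8-9 warn about."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def build_lookup(words) -> dict:
    """Digest -> password map, computed once and reusable for every account."""
    return {md5_hex(w): w for w in words}


def audit_unsalted(stored: dict, lookup: dict) -> dict:
    """Accounts whose unsalted MD5 digest is answered by a plain table lookup."""
    return {user: lookup[h] for user, h in stored.items() if h in lookup}


def hash_password(password: str, iterations: int = 600_000):
    """Hardened form: fresh random salt per account plus a slow KDF."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, key


def verify_password(password: str, salt: bytes, iterations: int, key: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, key)  # constant-time comparison


if __name__ == "__main__":
    # Constructed accounts: two users share a weak password, one does not.
    stored = {u: md5_hex(p) for u, p in
              [("alice", "letmein"), ("bob", "letmein"), ("carol", "constructed-passphrase-7731")]}
    print("identical digests for alice and bob:", stored["alice"] == stored["bob"])
    print("recovered by lookup:", audit_unsalted(stored, build_lookup(COMMON_PASSWORDS)))
    a, b = hash_password("letmein"), hash_password("letmein")
    print("salted keys differ for the same password:", a[2] != b[2])
    print("verification still works:", verify_password("letmein", *a))
```

Running `audit_unsalted` over an existing credential store is a quick way to measure how many accounts still need migration to the salted scheme.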
