i    ni   keys in slot i   ni²
0    2    65 and 19        4
4    2    79 and 33        4
5    1    9                1
6    2    40 and 31        4
7    1    25               1
∑ ni² = 14
Evaluating whether h(x) is a good hash function:
∑ ni² < 2n
14 < 16
The primary hash function is a good hash function, since the summation of ni² (14) is less than 2n (16, for the n = 8 keys). We therefore proceed to create the secondary hash functions.
Creating a secondary hash function for each occupied slot and choosing arbitrary values for ai and bi:
index   mi   ai   bi   hi(k)
0       4    5    37   ((5k+37) % 83) MOD 4
4       4    7    23   ((7k+23) % 83) MOD 4
5       1    0    0    ((0k+0) % 83) MOD 1
6       4    13   19   ((13k+19) % 83) MOD 4
7       1    0    0    ((0k+0) % 83) MOD 1
Primary and Secondary Slots for keys
Key   Primary hash index h(x)   Secondary hash index hi(x)
79    4                         2
33    4                         1
25    7                         0
65    0                         2
40    6                         1
9     5                         0
19    0                         1
31    6                         3
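The two-level scheme in the tables above, worked through in code. This is an added example, not code from the original report. The report does not state the primary hash formula, so each key's primary slot is taken from the table above as data; the prime 83 and the (ai, bi) pairs are the report's. The function find_params, which searches for a collision-free pair when the supplied one collides, is an addition standing in for the random retry of the usual FKS construction.

```python
# Two-level (FKS-style) perfect hashing with the report's keys and parameters.
# Added example; the primary slot of each key is taken from the report's table
# because the report does not give the primary hash formula.

P = 83  # prime used in the report's secondary functions ((a*k + b) % 83)

# Primary level: key -> slot, as listed in the "Primary and Secondary Slots" table.
PRIMARY_SLOT = {65: 0, 19: 0, 79: 4, 33: 4, 9: 5, 40: 6, 31: 6, 25: 7}

# Secondary parameters (a_i, b_i) chosen in the report for each occupied slot.
REPORT_PARAMS = {0: (5, 37), 4: (7, 23), 5: (0, 0), 6: (13, 19), 7: (0, 0)}


def bucket_keys(primary_slot):
    """Group keys by primary slot: {slot: [keys...]}."""
    buckets = {}
    for key, slot in primary_slot.items():
        buckets.setdefault(slot, []).append(key)
    return buckets


def sum_ni_squared(buckets):
    """Sum of n_i^2 over the primary slots, the report's goodness measure."""
    return sum(len(keys) ** 2 for keys in buckets.values())


def primary_is_good(buckets, n):
    """Criterion used in the report: sum n_i^2 < 2n."""
    return sum_ni_squared(buckets) < 2 * n


def secondary_hash(key, a, b, m):
    """h_i(k) = ((a*k + b) mod p) mod m, with m = n_i^2."""
    return ((a * key + b) % P) % m


def is_injective(keys, a, b, m):
    """True when (a, b) place every key of the bucket in a distinct slot."""
    return len({secondary_hash(k, a, b, m) for k in keys}) == len(keys)


def find_params(keys):
    """Deterministic search for a collision-free (a, b); the FKS construction
    picks them at random and retries, which amounts to the same thing here."""
    m = len(keys) ** 2
    for a in range(P):
        for b in range(P):
            if is_injective(keys, a, b, m):
                return a, b
    raise ValueError("no collision-free parameters found")


def build_table(primary_slot, params=None):
    """Build the second-level tables. Uses the supplied (a_i, b_i) when they
    are injective for the bucket, otherwise searches for a working pair."""
    buckets = bucket_keys(primary_slot)
    if not primary_is_good(buckets, len(primary_slot)):
        raise ValueError("primary hash rejected: sum n_i^2 >= 2n")
    table = {}
    for slot, keys in buckets.items():
        m = len(keys) ** 2
        a, b = (params or {}).get(slot, (None, None))
        if a is None or not is_injective(keys, a, b, m):
            a, b = find_params(keys)
        cells = [None] * m
        for k in keys:
            cells[secondary_hash(k, a, b, m)] = k
        table[slot] = (a, b, m, cells)
    return table


def slot_table(table):
    """{key: (primary slot, secondary slot)} for every stored key."""
    out = {}
    for slot, (_a, _b, _m, cells) in table.items():
        for j, k in enumerate(cells):
            if k is not None:
                out[k] = (slot, j)
    return out


if __name__ == "__main__":
    buckets = bucket_keys(PRIMARY_SLOT)
    print("sum n_i^2 =", sum_ni_squared(buckets), "good:", primary_is_good(buckets, 8))
    for key, (i, j) in sorted(slot_table(build_table(PRIMARY_SLOT, REPORT_PARAMS)).items()):
        print(f"key {key}: primary slot {i}, secondary slot {j}")
```

Running it reproduces the last table above exactly, which confirms that the report's (ai, bi) choices are collision-free within each bucket; passing a colliding pair instead makes build_table fall back to a search.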
Message Digest 5, usually referred to as MD5, is a hash function that takes a message of arbitrary length and produces a 128-bit hash value called a fingerprint or message digest. It was designed by MIT professor Ronald Linn Rivest in 1991 to replace an earlier hash function called MD4. According to its specification published by the Internet Engineering Task Force (IETF), it is conjectured to be computationally infeasible to produce two messages having the same message digest, or to produce any message having a given prespecified target message digest. It was primarily intended for digital signature applications, where a large file must be compressed in a secure manner before being encrypted with a secret key under a public-key cryptosystem. Checksums for downloads of Linux distributions are one common instance. Over the years its use has broadened to much more than digital signatures.
Other applications of MD5 include providing assurance of the validity of a downloaded file using checksums (MD5 checksums), electronic discovery, and one-way "encryption" for password storage. For password storage, key stretching is added to enhance the security of the stored passwords. This discussion attempts to evaluate whether MD5 can be decrypted or not by analysing how it works and its potential weaknesses.
MD5 works in five steps to produce its output.
Step 1 of the MD5 algorithm is to append padding bits to the message:
The message is extended so that its length in bits is congruent to 448, modulo 512. Even when the message length is already congruent to 448 modulo 512, padding is still performed. A single 1 bit is appended to the message and then 0 bits are appended until the length of the message is congruent to 448, modulo 512. In all cases, at least 1 bit and at most 512 bits are appended.
Step 2 of the algorithm is appending the length:
A 64-bit representation of the length in bits of the original message (before padding) is appended to the result of the first step. At this point the message has a total length that is an exact multiple of 512 bits, i.e. an exact multiple of 16 words of 32 bits each.
Step 3 is initialization of the MD buffer:
A four-word buffer A, B, C, D is used to compute the message digest; each word is a 32-bit register. Each register is initialized with a fixed hexadecimal constant, written low-order byte first.
Step 4 is the actual processing of the message in 16-word blocks:
During this step the algorithm uses auxiliary functions, each of which takes three 32-bit words as input and produces one 32-bit word as output.
Step 5 is the output:
This is the final step of the algorithm. The message digest is produced as A, B, C, D: it begins with the low-order byte of A and ends with the high-order byte of D.
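The five steps above implemented in full, as an added example rather than code from the report. It follows RFC 1321 (the initial register values, per-step rotation amounts and sine-derived additive constants are the RFC's), keeps the padding of steps 1 and 2 in its own function so the 448-mod-512 rule can be checked on its own, and cross-checks its digest against Python's hashlib.

```python
import hashlib
import math
import struct

MASK32 = 0xFFFFFFFF
# Per-step left-rotation amounts s[i] and additive constants T[i] of RFC 1321,
# where T[i] = floor(2^32 * |sin(i + 1)|) with i counted from 0.
S = [7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 + [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4
T = [int(2**32 * abs(math.sin(i + 1))) for i in range(64)]


def _rotl(x, c):
    """Rotate a 32-bit word left by c bits."""
    return ((x << c) | (x >> (32 - c))) & MASK32


def md5_pad(message):
    """Steps 1 and 2. Append a single 1 bit (the byte 0x80) and then 0 bits
    until the length is congruent to 448 mod 512 (56 bytes mod 64), then the
    original length in bits as a 64-bit little-endian integer. Padding is
    always added, even when the message is already 448 mod 512 bits long."""
    bit_len = (len(message) * 8) & 0xFFFFFFFFFFFFFFFF
    padded = bytearray(message) + b"\x80"
    while len(padded) % 64 != 56:
        padded.append(0)
    return bytes(padded) + struct.pack("<Q", bit_len)


def md5(message):
    """Steps 3 to 5. Returns the 16-byte digest."""
    padded = md5_pad(message)
    # Step 3: the four 32-bit registers A, B, C, D with RFC 1321 initial values.
    A0, B0, C0, D0 = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    # Step 4: process each 512-bit block as 16 little-endian 32-bit words.
    for off in range(0, len(padded), 64):
        X = struct.unpack("<16I", padded[off:off + 64])
        A, B, C, D = A0, B0, C0, D0
        for i in range(64):
            # Auxiliary functions F, G, H, I: three 32-bit words in, one word out.
            if i < 16:
                f, g = (B & C) | (~B & D), i
            elif i < 32:
                f, g = (D & B) | (~D & C), (5 * i + 1) % 16
            elif i < 48:
                f, g = B ^ C ^ D, (3 * i + 5) % 16
            else:
                f, g = C ^ (B | ~D), (7 * i) % 16
            f = (f + A + T[i] + X[g]) & MASK32
            A, D, C = D, C, B
            B = (B + _rotl(f, S[i])) & MASK32
        A0 = (A0 + A) & MASK32
        B0 = (B0 + B) & MASK32
        C0 = (C0 + C) & MASK32
        D0 = (D0 + D) & MASK32
    # Step 5: output A, B, C, D, each written low-order byte first.
    return struct.pack("<4I", A0, B0, C0, D0)


def md5_hex(message):
    """Digest as the usual 32-character hexadecimal string."""
    return md5(message).hex()


def matches_hashlib(message):
    """Cross-check the hand-written digest against the standard library."""
    return md5(message) == hashlib.md5(message).digest()


if __name__ == "__main__":
    for sample in (b"", b"abc", b"The quick brown fox jumps over the lazy dog"):
        print(md5_hex(sample), matches_hashlib(sample), sample)
```

Nothing in the loop above can be run backwards: every step mixes the registers with the block words and then masks to 32 bits, so a digest fixes no unique message, which is the sense in which MD5 cannot be "decrypted".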
It should be noted that MD5 is not ordinary encryption, where the original message is encrypted into a ciphertext and then decrypted back to its original form with a key. MD5 is a one-way hash function, meaning it provides no mechanism for converting the hash value back into its original message. Considering how the algorithm works, we conclude that an MD5 hash cannot be decrypted. Here decryption refers to the sense in which an algorithm can reverse the hash into the original text.
MD5 has weaknesses that let people exploit its hashes, but this is nowhere near decryption. These weaknesses include the pseudo-collision attack, the birthday attack and the dictionary attack. In the pseudo-collision attack, longer messages collide because the same suffix is appended to both messages. This makes it possible to recover the original message of a hash value by brute force. In the dictionary attack, a list of commonly used words is hashed and the attacker maintains a database of key-hash pairs. A user's hash is then compared against the database; if a match is found, the original key is retrieved, revealing the original message. If you look at it carefully, this isn't really decrypting.
In our exploration we tested two websites that claim they can decrypt MD5 hashes: md5decrypt.net and hashkiller.co.uk. If you go to these sites with your own hash of a commonly used word and try to decrypt it, they will give you the original text. If you go with a hash of a rarely used word or password combination, these sites fail to give you the original text. They explicitly notify you that the hash was not found in their database. Surprisingly, if you try to encrypt the same original text on the same site and attempt to decrypt it back, it returns successfully. This is because for every encryption made, they add the hash value and the original text to their database for future comparison.
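The lookup-database behaviour described above, contrasted with salted, key-stretched password storage, as an added example that is not part of the report. The word list is constructed and the sites' own code is not known: build_lookup, learn and reverse_by_lookup model the behaviour the report observed (a table of precomputed pairs that grows with every "encrypt" request), while stretched_hash uses PBKDF2-HMAC-SHA256 as one concrete form of the key stretching mentioned earlier.

```python
import hashlib
import hmac
import os

# Constructed word list standing in for a lookup site's precomputed database.
COMMON_WORDS = ["password", "letmein", "welcome", "qwerty", "dragon"]


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def build_lookup(words):
    """Precompute md5(word) -> word. This is a table lookup, not an inversion
    of MD5: only inputs hashed in advance can ever be returned."""
    return {md5_hex(w): w for w in words}


def learn(table, text):
    """What the sites do when you 'encrypt' on them: store the pair for later."""
    table[md5_hex(text)] = text


def reverse_by_lookup(table, hex_digest):
    """Return the stored preimage if this exact digest is in the table, else None
    (the 'hash not found in our database' case)."""
    return table.get(hex_digest.lower())


def salted_md5_hex(password, salt):
    """Even a plain MD5 over salt||password no longer matches a shared table,
    because the table was built over bare words."""
    return hashlib.md5(salt + password.encode()).hexdigest()


def new_salt():
    return os.urandom(16)


def stretched_hash(password, salt, iterations=100_000):
    """Salted, key-stretched hash (PBKDF2-HMAC-SHA256). A random per-user salt
    means no precomputed table applies to anyone, and the iteration count makes
    each guess cost far more than a single MD5 call."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def verify_stretched(password, salt, stored, iterations=100_000):
    """Constant-time comparison of a candidate password against the stored hash."""
    return hmac.compare_digest(stretched_hash(password, salt, iterations), stored)


if __name__ == "__main__":
    table = build_lookup(COMMON_WORDS)
    print(reverse_by_lookup(table, md5_hex("password")))   # found: precomputed
    print(reverse_by_lookup(table, md5_hex("Xq7#vLp2!zR")))  # None: never hashed
    learn(table, "Xq7#vLp2!zR")
    print(reverse_by_lookup(table, md5_hex("Xq7#vLp2!zR")))  # found after 'encrypting' it
    salt = new_salt()
    stored = stretched_hash("password", salt)
    print(reverse_by_lookup(table, salted_md5_hex("password", salt)))  # None
    print(verify_stretched("password", salt, stored), verify_stretched("passw0rd", salt, stored))
```

The common word is "decrypted" only because its digest was already in the table, the rare one becomes "decryptable" only after the site has seen it once, and the salted forms are never found at all, which matches the report's observations and shows why salting plus key stretching is the corrected setting for password storage.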
References
Leek, T. (2013, June 28). If hashing is one-way, why can we decrypt MD5 hashes? Information Security Stack Exchange. https://security.stackexchange.com/questions/38141/if-hashing-is-one-way-why-can-we-decrypt-md5-hashes
Rivest, R. (1992, April). RFC 1321: The MD5 Message-Digest Algorithm. Network Working Group, IETF. https://tools.ietf.org/html/rfc1321
Group Members
Pemphero Chiutsi [BIS/14/NE/003]
Francis Ganya [BIS/14/NE/004]
Johns Kumchenga [BIS/14/NE/016]
Jessica Mbeye [BIS/14/NE/023]