2. 20/04/2016 Information Security 2
Outline
1. Introduction to Hash functions
2. Message Digest 5 (MD5)
3. Applications
4. MD5 collision
5. Implementation of MD5 in Java
6. Attacks on MD5
7. Rainbow tables
8. How do rainbow tables work?
9. Conclusion
Introduction to Hash functions
Hash functions are a third type of cryptography.
Hash functions generate short, fixed-length strings from
arbitrary-length input messages.
Hash functions have three fundamental properties:
It must be easy to convert digital information
(a message) into a fixed-length value.
It must be computationally infeasible to find two
files that have the same hash.
It must be computationally infeasible to derive any
information about the input message from just the
hash.
Note: the main difference between hashing and
encryption is that a hash is not reversible.
Message Digest 5 (MD5)
MD5 is a hash function that was developed in 1991
by Ronald Rivest.
MD5 produces a 128-bit (16-byte) hash value,
typically expressed in text format as a 32-digit
hexadecimal number.
Applications
MD5 is used to verify file integrity and to hash
passwords for storage.
Verification of file integrity
File servers often provide a precomputed MD5
checksum for the file, so the user can compare the
checksum of the downloaded file to it.
Password hashing
A more secure way is to store a
hash of the password, rather
than the password itself.
MD5 collision
A collision occurs when two files have the same
hash. The first practical collisions on MD5 were found in
2004 by Wang, Feng, Lai and Yu.
Attacks on MD5
Rainbow tables
A rainbow table is a precomputed table for
reversing cryptographic hash functions.
A rainbow table makes brute forcing a password
hash much easier by removing the most
computationally expensive part of a brute force.
Because the values are already computed, the attack is
reduced to a simple search-and-compare operation on the
table.
How do rainbow tables work?
Rainbow tables use reduction and hash functions.
A hash function maps plaintexts to hashes; the
reduction function maps hashes to plaintexts.
There are two methods to find a given plaintext:
Hash each plaintext one by one, until we find the
hash
Hash each plaintext one by one, but store each
generated hash in a stored table so that we can easily
look the hash up later without generating the hashes
again.
Conclusion
Password storage is one important aspect of data
security.
MD5 is used to transform plaintext passwords into
strings that theoretically can't be deciphered, because
the hash is one-way.
Rainbow tables are the new generation of cracking,
using an advanced method for cracking passwords.
MD5 password processing was improved by adding a
salt value, which makes passwords more resistant to
rainbow tables.
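The chain construction described under "How rainbow tables work?" and the salt mitigation from the conclusion, as an added Python example that is not part of the original slides. The 4-digit PIN keyspace, the chain length and the reduction function are assumptions chosen for illustration.

```python
import hashlib
import os

DIGITS = 4       # toy keyspace: 4-digit PINs (constructed for this example)
CHAIN_LEN = 20   # hash/reduce steps per chain

def H(plaintext):
    """Hash function: plaintext -> MD5 hex digest (unsalted)."""
    return hashlib.md5(plaintext.encode()).hexdigest()

def R(digest, col):
    """Reduction function: digest -> a plaintext in the keyspace. Not an inverse of H."""
    return str((int(digest, 16) + col) % 10**DIGITS).zfill(DIGITS)

def walk(plaintext, col):
    """Yield a chain's plaintexts from column `col` through the final column."""
    for c in range(col, CHAIN_LEN):
        yield plaintext
        plaintext = R(H(plaintext), c)
    yield plaintext

def build_table(starts):
    """Keep only each chain's end point, mapped to the start(s) that reach it."""
    table = {}
    for start in starts:
        *_, end = walk(start, 0)
        table.setdefault(end, []).append(start)
    return table

def lookup(table, target):
    """Return a plaintext whose unsalted MD5 equals `target`, or None if not covered."""
    for col in range(CHAIN_LEN - 1, -1, -1):       # guess the column target sits in
        *_, end = walk(R(target, col), col + 1)    # finish the chain from that guess
        for start in table.get(end, []):           # end matches: replay from the start
            for candidate in walk(start, 0):
                if H(candidate) == target:
                    return candidate
    return None

def salted_hash(password, salt):
    """The mitigation from the conclusion: a per-password salt goes into the hash."""
    return hashlib.md5(salt + password.encode()).hexdigest()

STARTS = [str(i).zfill(DIGITS) for i in range(0, 10**DIGITS, 50)]
TABLE = build_table(STARTS)

if __name__ == "__main__":
    pin, salt = STARTS[7], os.urandom(16)
    print("unsalted:", lookup(TABLE, H(pin)))                  # recovered from the table
    print("salted:  ", lookup(TABLE, salted_hash(pin, salt)))  # None: table is useless
```

The table stores only chain end points, so a lookup trades recomputation for storage; a table built for unsalted hashes would have to be rebuilt for every salt value, which removes the precomputation advantage.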
References
Xiaoyun Wang, Dengguo Feng, Xuejia Lai, and Hongbo Yu.
Collisions for Hash Functions MD4, MD5, HAVAL-128 and
RIPEMD. Cryptology ePrint Archive, Report 2004/199, 2004.
http://eprint.iacr.org/.
Xiaoyun Wang and Hongbo Yu. How to Break MD5 and Other
Hash Functions. In Ronald Cramer, editor, Advances in
Cryptology - EUROCRYPT 2005, volume 3494 of Lecture Notes
in Computer Science, pages 19–35. Springer, 2005.
Rivest, R., The MD4 Message Digest Algorithm, RFC 1320,
MIT and RSA Data Security, Inc., April 1992.
Mary Cindy Ah Kioon, Zhao Shun Wang and Shubra Deb Das.
Security Analysis of MD5 algorithm in Password Storage, 2013,
pages 4.
Praveen Gauravaram, Adrian McCullagh and Ed Dawson.
Collision Attacks on MD5 and SHA-1: Is this the “Sword of
Damocles” for Electronic Commerce?, 2006, pages 73-88.
WarpBoy. Rainbow tables explained, 2006, pages 11.
source URL: https://en.wikipedia.org/wiki/Rainbow_table,
April 16th, 2016, visited 18/04/2016.