Description of MD5, hash and MD5 Collisions

1. Message Digest5
Prof. Neeraj Bhargava
Kapil Chauhan
Department of Computer Science
School of Engineering & Systems Sciences
MDS University, Ajmer

2. Introduction
Initial checking of integrity – checksums, then CRC
These are only good at detecting lost information due
to hardware or transmission errors

3. Potential Attack
A wants to obtain privileges from B
A generates two messages with the same hash
values
A presents an innocent message to B for his
digital signature
A applies the signature to the other malicious
message with the same hash

4. MD5
The solution lay in one-way hashing algorithms
These should keep two messages from colliding
They should also be sufficiently difficult to
reverse-engineer

5. MD5
MD5 represents the fifth iteration designed by
Ronald Rivest (RSA)
Others from other authors include Whirlpool and
SHA
MD5 is open-source and released under the GPL
MD5 is optimized for use on 32-bit computers

6. MD5 Hashing
MD5("The quick brown fox jumps over the lazy dog") =
9e107d9d372bb6826bd81d3542a419d6
MD5("The quick brown fox jumps over the lazy cog") =
1055d3e698d289f2af8663725127bd4b
MD5("") = d41d8cd98f00b204e9800998ecf8427e

7. Modern Flaws
MD5 uses a short 128-bit hash
MD5 has become a popular hashing tool through
PHP
PASSWORD HASHING
Rivest says his algorithm was never designed for
this usage
Long messages that need an integrity check
before encryption

8. MD5 Flaws
Rainbow tables for passwords
COLLISIONS!

9. MD5 Collisions
2004 Wang et. al delivered an algorithm that could
produce collisions in a few hours on an IBM p690
cluster
Algorithm was improved by Lenstra et. al in 2005 to a
few hours on a single laptop

10. Conclusion
A digest algorithm does not provide integrity if
collisions are so simple to produce
SHA or Whirlpool should be considered until a
replacement for MD5 can be found