This document summarizes the MD5 algorithm and proposes methods to strengthen it against cracking. It analyzes the MD5 algorithm and common cracking approaches. It then proposes several measures to improve MD5 security, including increasing password complexity, using secondary encoding, and increasing the length of the MD5 hash value through concatenation to reduce collision probability. It includes a demonstration program that implements one proposed method of increasing hash length through multiple encodings and concatenation.

1. 2010 Second International Conference on MultiMedia and Information Technology
MD5 research
ZhaoYong-Xia Zhen Ge
Information Engineering School Information Engineering School
Wuhan University of Sciences and technology Wuhan University of Sciences and technology
Zhongnan Branch, Zhongnan Branch,
Wuhan ,China, 430223 Wuhan ,China, 430223
zhaoyongxia@sohu.com zhenge14@163.com
Abstract—This paper describes the MD5 algorithm. It analyses But even the top-secret area, MD5 may well be an excellent
the theories from program codes and sums up some current crack intermediate technology.
approaches of this algorithm. According to these crack ways, the
paper brings forward the corresponding measures for III. MD5 REINFORCEMENT
improvement and adopts procedures to achieve a project to prove
As we all know, if you want to crack passwords, it not
its validity.
only requires cipher text but also a cryptographic function.
Keywords- MD5;HASH; irreversible algorithm With the encryption function, you can derive the decryption
function, let alone the MD5 is no inverse function. Even you
can find the MD5 HASH by the 16-bit and 32 bit hex
I. INTRODUCTION immediately, decryption is also very difficult because MD5
With the increasing popularity of computers and the does not frequently exist by himself. And the most simple
Internet in the past two decades, people have paid more and way is to reverse the original passwords or make ASCII
more attention on information and network security which yards plus N or conduct MD5 encoding together with certain
results in a number of Encryption algorithms coming into prefixes and suffixes, which can be able to change the easy
being. MD5 algorithm is currently the mainstream for the passwords into complex passwords, so that workers can not
cryptographic check and file check. In the databases of many easily get original passwords through MD5 when login in the
sites, even in the UNIX and LINUX operating systems, users websites or breaking. However, these methods have been
login passwords to preserve by taking the check form of adopted by many websites forums or software vendors.
MD5 .However, as time goes by, the security of the
A. The reinforcement of password checkout
algorithm is not as good as those years. Therefore, this paper
puts forward a series of improvement program about MD5 Simple algorithm
checksum to make its safety performance be improved. With the reversed password, ASCII yards + N or the
modified link variables is generally used in some security-
II. THE BRIEF INTRODUCTION OF MD5 conscious sites or forums for the simple and effectiveness of
MD5, with the full name of the Message-digest algorithm process. They have excellent safety performance
Algorithm 5, is the fifth generation on behalf of the message until the leak of encryption source codes.
digest algorithm. In August 1992, Ronald L.Rivest submitted Prefixes and suffixes algorithm
a document to the IETF (The Internet Engineering Task After encoding the MD5, you can save MD5 HASH and
Force) entitled “The MD5 Message-Digest Algorithm”, the original text of passwords with random characters
which describes the theory of this algorithm. For the together, and then conduct the comparison after adding this
publicity and security of algorithm, it has been widely used new version before and after the original text. The
to verify data integrity in a variety of program languages randomness is a major obstacle to decrypt, the workers can
since the 1990s. not be able to get the solution if they adopt the
MD5 was developed from MD, MD2, MD3 and MD4. It contemporarily popular law-breaking or query method. The
can compress any length of data into an information digest of famous FTP server software namely adopts this method.
128bits while this segment message digest often claims to be The Secondary encoding
a digital fingerprint of the data. This algorithm makes use of The probability of cracking this method is zero after the
a series of non-linear algorithm to do the circular operation, worker continuing the secondary encoding that they encode
so that crackers can not restore the original data. In the original password text plus MD5 encoding, because the
cryptography, it is said that such algorithm as an irreversible primary text had been disordered after carrying out the first
algorithm, can effectively prevent data leakage caused by encoding .The famed Tencent QQ also adopt this BASE64 +
inverse operation. Both the theory and practice have good MD5 algorithm.
security, because the use of MD5 algorithm does not require Such an approach is numerous, and you will be able to
the payment of any royalties, time, and cost less which make make it as long as you can think that. If you synchronously
it be widely used in the general non-top-secret applications. use these methods, MD5 check field will be able to revive in
the password field.
978-0-7695-4008-5/10 $26.00 © 2010 IEEE 271
DOI 10.1109/MMIT.2010.186

2. B. The reinforcement of file Checkout the new file created by adding 3 to the last number of the
With regard to document checkout reinforcement, it is original file.
not so simple because the original file is equivalent to ……
something that is proclaimed in writing. In the case of an When the level set as 15, the procedure will make a
express writing being published, the prefix method can be concatenation that created at level 14 with the MD5 HASH
easily used to deceive the general computer users. The of the new file created by adding F to the last number of the
following methods can change experts’ ideas of MD5 which original file.
is no longer suitable for the file checksum. This is just a simple and easy solution to implement the
Key document method increasing length of HASH. In this set of proposals, the
The key document method is no longer a simple HASH operation object of the procedure is not necessarily the last
checksum document, which will be added a small file of a digit, because the first, the penultimate position, or a certain
few KB capacities. We tentatively named it as the key file. period of data streams can be suitable. In addition, the
This method attaches key file to the original file to generate a calculations do not necessarily be addition, multiplication,
new file, and then adopts MD5 encoding to the new file. The division, mixed operations or logic operation, as long as it on
solution may be effective, but the check process will be more the basis of the original documents can be carried out.
complex and the collision probability not has been Generated longer HASH by more complex computing can
diminished because the generated HASH still keeps the obtain more secure document verification.
former length. 4) If you want to directly compare with the foregone
HASH strings and directly enter the HASH into the input
The length increase method
text box to compare with the calculated result from the
Using this method to generate the HASH value may no
previous step. If you want to make a contrast between two
longer be 128bit, but its multiples. This method is to open
files’ HASH, click on [<<] or copy the generated HASH in
the original file in the form of 16 hexes and to carry out
the previous step into a textbox, and then open another file,
appropriate change to generate a new file at first, and then
the worker makes a concatenation between the original file select the same LEVEL, and calculate its HASH.
and the new MD5 HASH file to generate two or more times 5) The program will compare the contents of the textbox
of the former HASH value’s length. When the HASH on both sides, and reflect the comparison results to users
becomes longer, its collision probability in theory, would through the message box, as shown in Fig 1 below.
become smaller. The two documents in Figure 1 have the same HASH at
Therefore, I give a demonstration program in particular the first line, but the actual contents are different, indicating
and divide it by 16 levels of security to prove my viewpoint. this is a common collision files aiming at the MD5 checksum.
This procedure generates a fourfold HASH than the length of
This program uses the idea of extending HASH length to
reduce the collision probability. It will open a file in the form the original MD5 HASH, Theoretically, reducing the
of hex, and then put the figure 1 in the last digit of the file to probability of collision plus uncertainty of check levels; you
get a new and different file whose number is decided by the will find it hard to create a crash file in response to it. I’m
security level (0 ~ 15).The workers calculate the MD5 able to take the lead in putting forward this method and there
HASH of the original files and these new files, then make a are no similar tools for strengthening documents’MD5
concatenation of these MD5 HASH to get a new string of checksum.
long HASH value. After a little strengthening, MD5 becomes a rock solid.
The program procedure: We can find that the algorithm is sufficiently tough vitality.
1) Open the file read the file flux, after setting up its type IV. CONCLUSION
and then show it in the main window of the program.
2) Wait for user to choose level, the default is zero, Recently, a pure MD5 encryption still has been widely
which is also the original MD5code. used. However, with the rapid development of CPU
3) According to the level users choose, create new file by technology, the crack speed will be faster and faster. We
adding 1 to the previous file, and then conduct concatenation might welcome a DIY era of MD5 class HASH algorithm
coding on the new file. During the process, the system will after a network security crisis in the future. At that time, each
delete the new file automatically. designer is likely to rewrite a part of their own unique
Thus: When the level set as 0, the procedure will carry encryption algorithm for the user, web sites and escort
through the primary MD5 coding. procedures, opening the "Strengthened algorithm" new era.
When the level set as 1, the system will make a
concatenation the MD5 HASH with the new file created by
REFERENCES
adding 1 to the last number of the original file.
When the level set as 2,the procedure will make a [1] R. Rivest. The MD5 Message-Digest Algorithm [rfc1321], 1992
concatenation that created at level 1 with the MD5 HASH of [2] Wang Xiaoyun, Chen Yin ru. Collision Analysis for Every Round
Function of the MD5, 1996
the new life created by adding 2 to the last number of the
[3] Wang Xiaoyun. How to Break MD5 and Other Hash Functions, 2005
original file.
When the level set as 3,the procedure will make a [4] Zhao Shaolan, Xing Guobo, Yang Yixian. The Analysis on
Amelioration and Security of MD5, 200
concatenation that created at level 2 with the MD5 HASH of
272

3. Figure 1. The length increase method is adopted to make a validation between Collision File msg1.bin and msg2.bin generated by prefix algorithm.
273