2. Overview
• Purpose of MD5 and Hash Encryptions
• Examples
• MD5 Algorithm
• Explanation of Possible Security Risks
• Practical Applications Through Code
• Possible Future Security Risks
3. [location] md5 attr. (word/file)
Attributes:
-s indicates string input, not file!
ex. md5 -s test
-r reverses print of hash/word
ex md5 -r -s test
-q overrides -r, only md5 sum printed
ex md5 -q -s test
-t built-in time test
ex md5 -t
Other Attributes: [-p -x]
Note:
-s must be the last attribute
or it will think everything
past is the string
Macintosh MD5 Terminal
Execution
4. Windows md5 Command Line
Execution
Not Built In To Windows Command Line
Example
md5sum [filename]
Ex: C:/md5sum test.txt
[Or wherever the md5sum.exe is located]
-b Reads Files In Binary Mode
-c Checks Digest Against Given List
-w Warns About Improperly Formatted md5 Checksums
5. Difficulty In Cracking
• Md5, with its 128bit encryption algorithm has
1,280,000,000,000,000,000 possible combinations.
• Even if the exact same hash value found, possible other
string combination could have created it.
• It is considered that the md5 message digest would take an
unrealistic time to crack via brute force attack.
6. MD5 Completely Secure?
It most definitely is a better algorithm than its
predecessors, however, flaws(defects) do allow for exploits
(utilise) to the system.
Although it is likely that there are more than
the two types of cracking techniques that I have
been able to find, I shall only discuss the two most
widely known.
7. Possible Techniques
• Brute Force (easiest, but success low)
• A brute force attack simply tries all possible
combinations, until it finds the correct solution.
• Collision Checking (harder to implement)
• Collision checking is the attempt to find two
different inputs to the md5 algorithm which
create the same generated hash.
8. Uses of MD5 Encryption
• Digital Signatures (Authentication)
• Certificates
• One-Way Encryption
• Secure storage of information that does not
need to be deciphered.
9. Digital Signatures
Possibly the best reason for having an md5
algorithm is for the use of digital signatures. They
allow other people to digitally verify that whatever
document they received is actually authentic and
not tampered with.
Couldn’t find any free software to create
digital signatures, or source code to hardcode it into
any language. Therefore I can’t show any examples
of digital signatures or certificates in use.
10. Collisions As Security Hazard
Collisions are the main hazard when dealing
with the md5 algorithm, as collisions, or two files
that produce the same hash signature.
To verify a document, a md5 hash of the file is
created and sent along with the document as a certificate.
When the other user receives the file, it is certified to
either be the original, or a tampered with document. This
is done by hashing the file again upon arrival, and
comparing the two hash signatures. If they match, the
document is said to be authentic.
11. Therefore, if someone were to be able to create
another document with completely different content,
but producing the same hash signature, it would still
be said to be authentic.
12. Pros/Cons MD5
• Easy to use
• Widely used
• Considered secure
• Difficult to crack
• Is susceptible to brute
force attacks
• Hash collisions is a
known flaw
• Quantum computers
would make such an
algorithm worthless