Learning Information security knowledge together (1) -- the principle of a small story

In about 04 years, we took the Cryptography technology and principles course one night.

The teacher just stood on the podium and said to us happily,

"I have just attended an international cryptography academic conference. It is a joke that I have cracked the MD5 algorithm. How can this algorithm be cracked."

At that time, we also made it a joke. However, it turns out that this is not a joke, that is, Wang Xiaoyun cracked MD5 at the time. In this case, we need to know:

1. You may not be able to do things you dream about;

2. There is no impossible thing. For example, RSA is currently very robust, but if the algorithm is cracked one day, the security system in today's world will crash.

 

Next, let's take a look at MD5.

 

MD5 is short for message digest 5, that is, message digest. It is a hash algorithm, or a hash algorithm. We can regard the MD5 algorithm as a funnel. No matter how much data you put into the funnel, we can only get a 16-byte (128-bit) data, this data is called hash value, hash value, message digest, or MD5 value. It is like, no matter how many grains of rice you pour into the funnel, the number of Rice finally comes out of the funnel is only 128, even if you only pour 1 grain of rice. This funnel generates the hash value through rotation, replacement, and other methods. This algorithm is unidirectional, lossy, and irreversible.

The MD5 algorithm is public, that is, you can know how the MD5 algorithm generates 16-byte hash values step by step for data. Suppose there is data a whose hash value is H, so it is difficult to find another data B (not equal to a), so that the hash value of B is equal to H, if you find data B, it means that data B is in conflict with data. Wang Xiaoyun finds a collision data that can quickly find data a, and can not only find a collision, but also find many collisions.

Let's talk about the purpose of MD5, and then discuss the issues after MD5 cracking.

The most common application is the password of our computer. For example, our password is 123456. In fact, in the hard drive of the computer, the value 123456 is not really saved, instead, the hash value of 123456 is saved to prevent malicious users from knowing the real password. The password cannot be reversed Based on the hash value. However, according to Wang Xiaoyun's cracking, using MD5 is not safe.

In the security field, MD5 will be used in the digital signature process.

Though MD5 is cracked, MD5 is still used in some applications. This is like sending emails in plain text. Even if there is some sensitive information, we can think that no one listens to the network. However, for some important applications, MD5 is not used, but sha1 is safer.

Sha1 is also a hash algorithm with a hash value of 20 bytes.

[Do not reprint without permission]