Encryption Algorithm (III)-MD5

Source: Internet
Author: User
MD5 stands for Message-Digest Algorithm 5. It was invented in the early 1990s by MIT's computer science lab and RSA Data Security Inc., and was developed from MD2, MD3, and MD4.

Message digest refers to a hash transformation of a message: converting a byte string of any length into a large integer of fixed length. Note that I use the term "byte string" rather than "string", because the conversion depends only on the byte values and has nothing to do with the character set or encoding.

MD5 converts a "byte string" of any length into a 128-bit large integer, and the conversion is irreversible. In other words, even with the source program and the algorithm description in hand, an MD5 value cannot be converted back to the original string. Mathematically, this is because there are infinitely many original strings, a bit like a mathematical function that has no inverse.

A typical application of MD5 is to generate a fingerprint for a message (byte string) in order to detect tampering. For example, you write a statement in a readme.txt file, compute the MD5 value of that file, and record it. You can then distribute the file to others. If someone modifies any content in the file, you will notice when you recompute the MD5 value of the file. If a third-party certification authority is also involved, MD5 can additionally prevent "repudiation" by the file's author. This is the so-called digital signature application.

MD5 is also widely used in encryption and decryption technology. In many operating systems, users' passwords are stored as MD5 values (or as values from similar algorithms). The system computes the MD5 value of the password the user enters and compares it with the MD5 value saved in the system. The system does not "know" what the user's password is.

Some hackers crack such passwords with a method called "running a dictionary". The dictionary is obtained in one of two ways: one is a table of strings collected from everyday use as passwords, and the other is generated by permutation and combination. The MD5 values of the dictionary entries are first computed with an MD5 program, and the MD5 value of the target is then looked up in this dictionary.

Even if the maximum password length is 8 and the password can contain only letters and digits, a total of 26 + 26 + 10 = 62 characters, the number of entries in the dictionary is P(62,1) + P(62,2) + ... + P(62,8), which is already an astronomical number. Storing the dictionary requires a TB-level disk array. The method also has a precondition: the MD5 value of the target account's password must be obtainable.

In many e-commerce and community applications, managing user accounts is the most commonly used basic function. Although many application servers provide these basic components, many application developers prefer to manage users in a relational database for greater flexibility. The lazy approach is to store users' passwords in the database in plain text, or after only a simple transformation, so these passwords have no confidentiality at all from the software developers or system administrators. The purpose of this article is to introduce the implementation of an MD5 Java Bean and to provide an example of using MD5 to process users' account passwords. This method prevents administrators and program designers from seeing users' passwords, even though they can still initialize them. However, the important point is protecting users' password settings.
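The storage scheme described above, next to a salted and deliberately slow alternative, as an added Python example (it is not the MD5 Java Bean this article refers to). The account names, passwords and word list are constructed, and the PBKDF2 salt size and round count are assumptions made here.

```python
import hashlib
import hmac
import os

# Constructed sample data: two users who happen to choose the same password.
ACCOUNTS = {"alice": "summer2024", "bob": "summer2024"}
WORDS = ["123456", "password", "summer2024"]  # constructed word list for the audit


def md5_record(password: str) -> str:
    """Scheme described on the page: store only the MD5 value of the password."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def verify_md5(stored: str, attempt: str) -> bool:
    """Login check: hash the attempt and compare it with the stored value."""
    return hmac.compare_digest(md5_record(attempt), stored)


def weak_accounts(md5_db: dict, dictionary: list) -> list:
    """Audit: one table computed once for the dictionary matches every user at once."""
    table = {md5_record(word) for word in dictionary}
    return sorted(user for user, value in md5_db.items() if value in table)


def salted_record(password: str, salt: bytes = None, rounds: int = 100_000) -> dict:
    """Hardened variant (assumption, not from the page): per-user salt + PBKDF2."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return {"salt": salt, "rounds": rounds, "digest": digest}


def verify_salted(record: dict, attempt: str) -> bool:
    """Recompute with the stored salt and round count, compare in constant time."""
    again = salted_record(attempt, record["salt"], record["rounds"])
    return hmac.compare_digest(again["digest"], record["digest"])


md5_db = {user: md5_record(pw) for user, pw in ACCOUNTS.items()}
salted_db = {user: salted_record(pw) for user, pw in ACCOUNTS.items()}
```

With plain MD5 the two records are identical, so a single precomputed table exposes both accounts; with a per-user salt the same password yields different records and a table has to be rebuilt for every user.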

If you are interested, you can read the MD5 specification itself, that is, the text of RFC 1321: http://www.ietf.org/rfc/rfc1321.txt

MD5 Algorithm Description

I. Padding
II. Append the data length
III. Initialize the MD5 parameters
IV. Bitwise operation functions
V. Main transformation process
VI. Output result

Padding:
The MD5 algorithm first pads the input data so that its length in bits, modulo 512, is 448. That is, the data is extended to K * 512 + 448 bits, i.e. K * 64 + 56 bytes, where K is an integer.
The padding itself: append a single 1 bit, then append 0 bits until the above requirement is met.
Append the data length:
Use a 64-bit number b to represent the original length of the data, stored as two 32-bit numbers. At this point the data has been filled to a length that is a multiple of 512 bits.
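Initialize the MD5 parameters:
Four 32-bit integers (A, B, C, D) are used to compute the message digest. They are initialized with the following hexadecimal values, written low-order byte first as in RFC 1321:
A = 01 23 45 67 (the 32-bit integer 0x67452301)
B = 89 ab cd ef (the 32-bit integer 0xefcdab89)
C = fe dc ba 98 (the 32-bit integer 0x98badcfe)
D = 76 54 32 10 (the 32-bit integer 0x10325476)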

Bitwise operation functions:
X, Y, and Z are 32-bit integers.
F(X, Y, Z) = (X & Y) | (not(X) & Z)
G(X, Y, Z) = (X & Z) | (Y & not(Z))
H(X, Y, Z) = X xor Y xor Z
I(X, Y, Z) = Y xor (X | not(Z))

Main transformation process:
Use the constant array T[1 ... 64], where T[i] is a 32-bit integer written in hexadecimal; the data is represented as an array M of 32-bit integers, 16 per 512-bit block.
The specific process is as follows:

/* Process the original data; N is the number of 32-bit words in M */
For i = 0 to N/16-1 do

  /* Each time, copy one block of the original data into array X of 16 elements. */
  For j = 0 to 15 do
    Set X[j] to M[i * 16 + j].
  End /* end of the loop on j */

  /* Save A as AA, B as BB, C as CC, and D as DD. */
  AA = A
  BB = B
  CC = C
  DD = D

  /* Round 1 */
  /* Let [abcd k s i] denote the operation
     a = b + ((a + F(b, c, d) + X[k] + T[i]) <<< s),
     where <<< s is a 32-bit left rotation by s bits. */
  /* Do the following 16 operations. */
  [ABCD 0 7 1] [DABC 1 12 2] [CDAB 2 17 3] [BCDA 3 22 4]
  [ABCD 4 7 5] [DABC 5 12 6] [CDAB 6 17 7] [BCDA 7 22 8]
  [ABCD 8 7 9] [DABC 9 12 10] [CDAB 10 17 11] [BCDA 11 22 12]
  [ABCD 12 7 13] [DABC 13 12 14] [CDAB 14 17 15] [BCDA 15 22 16]

  /* Round 2 */
  /* Let [abcd k s i] denote the operation
     a = b + ((a + G(b, c, d) + X[k] + T[i]) <<< s). */
  /* Do the following 16 operations. */
  [ABCD 1 5 17] [DABC 6 9 18] [CDAB 11 14 19] [BCDA 0 20 20]
  [ABCD 5 5 21] [DABC 10 9 22] [CDAB 15 14 23] [BCDA 4 20 24]
  [ABCD 9 5 25] [DABC 14 9 26] [CDAB 3 14 27] [BCDA 8 20 28]
  [ABCD 13 5 29] [DABC 2 9 30] [CDAB 7 14 31] [BCDA 12 20 32]

  /* Round 3 */
  /* Let [abcd k s i] denote the operation
     a = b + ((a + H(b, c, d) + X[k] + T[i]) <<< s). */
  /* Do the following 16 operations. */
  [ABCD 5 4 33] [DABC 8 11 34] [CDAB 11 16 35] [BCDA 14 23 36]
  [ABCD 1 4 37] [DABC 4 11 38] [CDAB 7 16 39] [BCDA 10 23 40]
  [ABCD 13 4 41] [DABC 0 11 42] [CDAB 3 16 43] [BCDA 6 23 44]
  [ABCD 9 4 45] [DABC 12 11 46] [CDAB 15 16 47] [BCDA 2 23 48]

  /* Round 4 */
  /* Let [abcd k s i] denote the operation
     a = b + ((a + I(b, c, d) + X[k] + T[i]) <<< s). */
  /* Do the following 16 operations. */
  [ABCD 0 6 49] [DABC 7 10 50] [CDAB 14 15 51] [BCDA 5 21 52]
  [ABCD 12 6 53] [DABC 3 10 54] [CDAB 10 15 55] [BCDA 1 21 56]
  [ABCD 8 6 57] [DABC 15 10 58] [CDAB 6 15 59] [BCDA 13 21 60]
  [ABCD 4 6 61] [DABC 11 10 62] [CDAB 2 15 63] [BCDA 9 21 64]

  /* Then add the saved values back (all additions are modulo 2^32). */
  A = A + AA
  B = B + BB
  C = C + CC
  D = D + DD

End /* end of the loop on i */

Output result.
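The six steps above, put together as runnable Python. This is an added example, not code from the original article: T[i] is computed as in RFC 1321 (the integer part of 2^32 * abs(sin(i))), which the description above does not spell out, and the names rotl, md5_pad and md5 are chosen here.

```python
import math
import struct

MASK = 0xFFFFFFFF
# Left-rotation amounts s, the same values as in the [abcd k s i] tables above.
S = [7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 + [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4
# T[1..64] per RFC 1321 (stored 0-based): integer part of 2^32 * abs(sin(i)).
T = [int(abs(math.sin(i + 1)) * 2**32) & MASK for i in range(64)]


def rotl(x: int, s: int) -> int:
    """32-bit left rotation, the <<< s of the description."""
    return ((x << s) | (x >> (32 - s))) & MASK


def md5_pad(msg: bytes) -> bytes:
    """Steps I and II: a 1 bit (0x80), zeros up to 56 mod 64 bytes, then the 64-bit length."""
    zeros = (55 - len(msg)) % 64
    bit_len = (len(msg) * 8) & (2**64 - 1)
    return msg + b"\x80" + b"\x00" * zeros + struct.pack("<Q", bit_len)


def md5(msg: bytes) -> str:
    """Return the MD5 digest of msg as 32 hex characters."""
    a0, b0, c0, d0 = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476  # step III
    data = md5_pad(msg)
    for off in range(0, len(data), 64):
        x = struct.unpack("<16I", data[off:off + 64])   # X[0..15], low byte first
        a, b, c, d = a0, b0, c0, d0                      # a0..d0 play the role of AA..DD
        for i in range(64):
            if i < 16:
                f, k = (b & c) | (~b & d), i                  # round 1, F
            elif i < 32:
                f, k = (b & d) | (c & ~d), (5 * i + 1) % 16   # round 2, G
            elif i < 48:
                f, k = b ^ c ^ d, (3 * i + 5) % 16            # round 3, H
            else:
                f, k = c ^ (b | (~d & MASK)), (7 * i) % 16    # round 4, I
            new_b = (b + rotl((a + f + x[k] + T[i]) & MASK, S[i])) & MASK
            a, b, c, d = d, new_b, b, c                  # next operation uses dabc, cdab, ...
        a0, b0, c0, d0 = [(u + v) & MASK for u, v in zip((a0, b0, c0, d0), (a, b, c, d))]
    return struct.pack("<4I", a0, b0, c0, d0).hex()      # step VI: A, B, C, D low byte first
```

The index formulas for k reproduce the X[k] columns of the four tables, and changing the initial values to 0x01234567 and so on produces digests that do not match any other MD5 implementation.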

 

 

 

The RSA algorithm is very simple and is outlined as follows:
Find two prime numbers, p and q.
Take n = p * q
Take t = (p-1) * (q-1)
Take any number e such that e < t and e is coprime with t (that is, their greatest common divisor is 1)
Take d such that d * e % t = 1

In this way, three numbers are obtained: n, d, and e.

Let the message be a number M (M < n)
Set c = (M ** d) % n to get the encrypted message c
Set m = (c ** e) % n; then m = M, which completes the decryption of c.
Note: ** denotes exponentiation. The roles of d and e in the two formulas above can be exchanged.

In asymmetric encryption:
The numbers n and d constitute the public key, which can be told to others;
the numbers n and e constitute the private key; e is kept to yourself so that no one else knows it.
Information you send to others is encrypted with e. If others can decrypt it with d, that proves the information was sent by you, which forms a signature mechanism.
When others send you information, they encrypt it with d, so that only the holder of e can decrypt it.

The security of RSA lies in the fact that there is no efficient way to factor a large number n.
Therefore, e cannot be obtained when n and d are known; likewise, d cannot be obtained when n and e are known.
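The steps above carried through with small numbers, as an added Python example that is not part of the original article. It keeps the page's notation (n, t, d public, e private); the primes 61 and 53, the exponent 17 and the function names are constructed for illustration, and the last function shows why a small n gives no protection.

```python
from math import gcd


def make_keys(p: int, q: int, e: int):
    """Key generation as outlined above: n = p*q, t = (p-1)*(q-1), d*e % t == 1."""
    n, t = p * q, (p - 1) * (q - 1)
    if not (1 < e < t and gcd(e, t) == 1):
        raise ValueError("e must satisfy e < t and gcd(e, t) == 1")
    d = pow(e, -1, t)  # modular inverse of e modulo t (Python 3.8+)
    return n, d, e


def apply_key(m: int, exponent: int, n: int) -> int:
    """The one RSA operation, (m ** exponent) % n, used for both directions."""
    if not 0 <= m < n:
        raise ValueError("the message must be smaller than n")
    return pow(m, exponent, n)


def recover_exponent(n: int, known: int) -> int:
    """Factor n by trial division and rebuild the other exponent.

    Feasible only because n is tiny; this is the step that has no efficient
    method when n is large.
    """
    p = next(f for f in range(2, int(n ** 0.5) + 1) if n % f == 0)
    t = (p - 1) * (n // p - 1)
    return pow(known, -1, t)


# Constructed toy parameters; the article recommends a 2048-bit n for real use.
N, D, E = make_keys(61, 53, 17)
```

Here N = 3233, D = 2753 and E = 17; a message encrypted with D is recovered with E and the other way round, and recover_exponent(N, D) returns E because 3233 factors instantly.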

RSA is concise and elegant, but it is relatively slow to compute. In general, RSA is not used directly to encrypt all of the information. The most common approach is to randomly generate a key for a symmetric encryption algorithm, encrypt the information with that symmetric algorithm, and then encrypt the symmetric key with RSA.

Finally, note that n with fewer than 1024 bits has been proved unsafe.
Do not use RSA with fewer than 1024 bits; it is best to use 2048 bits.
