MD5 Encryption algorithm

Source: Internet
Author: User
Tags bitwise md5 encryption rounds

MD5 is a secure hashing algorithm, input two different plaintext will not get the same output value, according to the output value, can not get the original plaintext, that is, its process is irreversible; So to decrypt MD5 there is no ready-made algorithm, only with the poor lifting method, the possible clear text, with the MD5 algorithm hash, The resulting hash value and the original data form a one-to-one mapping table, through the comparison in the table than the crack cipher MD5 algorithm hash value, by matching from the mapping table to find out the original plaintext corresponding to the decryption password.

For information systems or Web systems, the MD5 algorithm is mainly used in the user registration password encryption, for the common strength of password encryption, can be broken through the following three ways:

(1) Online search password. Some online MD5 value Query Web site provides MD5 password value of the query, enter the MD5 password value, if it exists in the database, then you can quickly get its password value.

(2) Use MD5 Hack tool. There are many special software for MD5 cracking on the network, which can be cracked by setting up a dictionary.

(3) Obtaining or re-setting the user's password through social engineering.

So simple MD5 encryption is no way to achieve absolute security, because the ordinary MD5 encryption has a variety of brute force, so if you want to ensure the security of information system or website, need to transform MD5, enhance its security, this is the MD5 encryption algorithm based on the improvement!

2.MD5 algorithm Application

A simple example: string encryption and file encryption

String encryption

Mode one: public string getmd5string (string pwd) {MD5CryptoServiceProvider md5=new md5cryptoserviceprovide (); byte[] Data= System.Text.Encoding.ASCII.GetBytes (PWD); byte[] Md5data=md5.computehash (data); StringBuilder builder=new StringBuilder (); for (int i=0;i<md5data. length-1;i++) {Builder. Append (Md5data[i]. ToString ("X2"));    } return builder;} Mode two: public string GetMd5 (String msg) {string cryptstr = ""; MD5CryptoServiceProvider MD5 = new MD5CryptoServiceProvider (); byte[] bytes = Encoding.UTF8.GetBytes (msg); byte[] cryptbytes = Md5.computehash (bytes); for (int i = 0; i < cryptbytes.length; i++) {cryptstr + = Cryptbytes[i]. ToString ("X2");} return CRYPTSTR;}

File encryption

MD5 Encrypted File string GetFileMd5 (string path) {string ctyptstr = ""; byte[] cryptbytes;using (FileStream fs = new FileStream (path,f {MD5CryptoServiceProvider MD5 = new MD5CryptoServiceProvider (); cryptbytes = Md5.computehash (fs);} for (int i = 0; i < cryptbytes.length; i++) {ctyptstr + = Cryptbytes[i]. ToString ("X2");} return CTYPTSTR;}

2.1MD5 Encryption principle

MD5 handles the input information in 512-bit groupings, and each grouping is divided into 16 32-bit subgroups, and after a series of processing, the output of the algorithm consists of four 32-bit groupings, and the four-bit grouping cascade will generate a 32-bit hash value.

In the MD5 algorithm, it is necessary to fill the information first, so that the result of its byte length to 512 remainder is equal to 448. Therefore, the byte length of the information (Bits length) is extended to n*512+448, which is n*64+56 bytes (Bytes) and n is a positive integer. Fill the method as follows, filling in a 1 and countless 0 after the information, until the above conditions are met to stop filling with 0 information. It then appends the result with a 64-bit binary representation of the length of the information before the fill. With this two-step process, the information byte length =n*512+448+64= (n+1) *512, that is, the length is exactly 512 integer multiples. The reason for this is to meet the information length requirements in the later processing. There are four integer parameters in MD5 that are called link variables (Chaining Variable), respectively: a=0x01234567,b=0x89abcdef,c=0xfedcba98,d=0x76543210. When these four link variables are set, the four-wheel loop operation of the algorithm begins, and the number of loops is the 512-bit information grouping in the information.

Copy the above four link variables into another four variables: A to A, B to B,c to C,d to D. The main cycle has four rounds (MD4 only rounds), each cycle is very similar. The first round operates 16 times. Each operation makes a nonlinear function operation on three of them in A, B, C, and D, and then adds the resulting result to the fourth variable (a sub-group and a constant in the text).

The resulting result is then shifted to the right by an indefinite number, plus one of a, B, C, or D. Finally, replace one of a, B, C or D with this result. Take a look at the four nonlinear functions (one per round) that are used in each operation.

Where,? is XOR, ∧ is with, ∨ is OR, is anti-symbol.

If the corresponding bits of x, Y, and Z are independent and homogeneous, then each bit of the result should also be independent and uniform. F is a function of bitwise arithmetic. That is, if x, then y, otherwise Z. The function h is a bitwise odd-even operator. After all this is done, add the a,b,c,d to A,b,c,d respectively. Then the algorithm continues to run with the next packet of data, and the final output is the cascade of A,b,c and D. The final a,b,c,d is the output, A is low, D is high, and the DCBA is composed of 128-bit output results.

Safety of 2.2 MD5

From a security standpoint, the output of the MD5 is 128 bits, and if a pure brute force attack is used to find a message with a given hash value, the computational difficulty is 2128, and the computer that can experiment with 1 billion messages per second takes 1.07x1022 years. If you use the Birthday attack method to find two messages with the same hash value, you need to experiment with 264 messages, and a computer with 1 billion messages per second will take 585 years.

Application of 2.3 MD5 encryption algorithm

MD5 encryption algorithm is widely used because of its good security and commercial free use of the algorithm, MD5 algorithm is mainly used in digital signature, file integrity verification and password encryption.

3. Improved encryption method

3.1 Shortcomings of current MD5 encryption method utilization

In the current information system, the use of MD5 encryption method is mainly by referencing the file containing MD5 cryptographic function code in the script page, taking ASP script as an example, adding in the page that needs to be called, md5.asp to MD5 encrypt function code file, then directly calling function MD5 (smessage) Yes, MD5 encrypted values are 16-bit and 32-bit, if used in MD5 encryption function MD5 = LCase (Wordtohex (a) & Wordtohex (b) & Wordtohex (c) & Wordtohex (d) ), that is 32 bits, or 16 bits if you are using Md5=lcase (Wordtohex (b) & Wordtohex (c)). For example, a value of "123456" in plaintext is encrypted with a value of two MD5, as follows:

a=123456 password=md5 (a) = 49ba59abbe56e057 password=md5 (a) = E10ADC3949BA59ABBE56E057F20F883E if the encrypted MD5 value is saved directly in the database, When the site is injected or other vulnerabilities, the intruder is very likely to obtain the user's password value, through the MD5

If the encrypted MD5 value is stored directly in the database, when the site has injected or other vulnerabilities, the intruder is very likely to obtain the user's password value, through the MD5 online query or brute force can be obtained password.

3.2 Improved encryption method based on MD5 algorithm

The method mentioned in this paper is to use MD5 encryption algorithm on the basis of plaintext (password) encryption, the ciphertext has been changed, in the ciphertext to intercept a piece of data and discarded,

The discarded data is then populated with random functions, and the entire process does not change the number of bits after the MD5 is encrypted. The encryption process is described in the following algorithm:

(1) The plaintext password is MD5 encrypted to obtain ciphertext MD5 (password).

(2) using the interception function to intercept the encrypted ciphertext, from the beginnumber position to intercept the number digit value, get the password A, where a=left (MD5 (password), beginnumber-1).

(3) Use the Intercept function to intercept the number digits of the encrypted plaintext after the value B, where b=right (MD5 (password), Md5-digit-(beginnumber+number-1)).

(4) Use the random function Gen_key (number) to fill in the value of the intercept.

(5) The converted password value is Encrypt_password =a&get_key (number) &b

Variable Description:

The decryption process is similar to the encryption process, first encrypt the input plaintext, then intercept the first half from Beginnumber to get a′, and the second half to get b′,

Then read a and B in the password from the database, and finally if a=a′ and b=b′, the password entered by the user is considered to match the password in the database.

3. Key code and implementation

This article mentions the key implementation code for the improvement method as follows:

4. Discussions and concluding remarks

Some have also proposed to modify the function or variable in MD5 encryption algorithm, so as to enhance the security of using the original MD5 algorithm,

However, after modifying the MD5 original function or the variable, this method cannot verify whether the MD5 algorithm is consistent with the original algorithm in intensity.

The method proposed in this paper is based on the original MD5 encryption, by intercepting a certain number of bits of cipher string, and using random number to fill,

Finally, although the ciphertext is MD5 encrypted, but its value has been very different, so through the MD5 conventional crack method is never able to crack its original password value,

Thus ensuring the security of the data. Although there are many attack methods, such as SQL injection, cross-site attack, etc., it is easy to get the values in the database.

Through this method to encrypt, before the website or system code leaks, its data is relatively safe, so has a certain reference value

MD5 Encryption algorithm

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.