MD5

1
MD5 Hash Encryption

• By Alex Buzak

2
Overview

• Purpose of MD5 and Hash Encryptions
• Examples
• MD5 Algorithm
• Explanation of Possible Security Risks
• Practical Applications Through Code
• Possible Future Security Risks

3
Macintosh MD5 Terminal Execution
location md5 attr. (word/file) Attributes -s
indicates string input, not file! ex. md5 -s
test -r reverses print of hash/word ex md5 -r
-s test -q overrides -r, only md5 sum
printed ex md5 -q -s test -t built-in time
test ex md5 -t Other Attributes -p -x
Note -s must be the last attribute or it will
think everything past is the string
4
Windows md5 Command Line Execution
Not Built In To Windows Command
Line Example md5sum filename Ex C/md5sum
test.txt Or wherever the md5sum.exe is
located -b Reads Files In Binary Mode -c Checks
Digest Against Given List -w Warns About
Improperly Formatted md5 Checksums
5
Difficulty In Cracking

• Md5, with its 128bit encryption algorithm has
  1,280,000,000,000,000,000 possible combinations.
• Even if the exact same hash value found, possible
  other string combination could have created it.
• It is considered that the md5 message digest
  would take an unrealistic time to crack via brute
  force attack.

6
MD5 Completely Secure?
It most definitely is a better algorithm than
its predecessors, however, flaws do allow for
exploits to the system.
Although it is likely that there are more than
the two types of cracking techniques that I have
been able to find, I shall only discuss the two
most widely known.
7
Possible Techniques

• Brute Force (easiest, but success low)
• A brute force attack simply tries all possible
  combinations, until it finds the correct
  solution.
• Collision Checking (harder to implement)
• Collision checking is the attempt to find two
  different inputs to the md5 algorithm which
  create the same generated hash.

8
Uses of MD5 Encryption

• Digital Signatures (Authentication)
• Certificates
• One-Way Encryption
• Secure storage of information that does not need
  to be deciphered.

9
Digital Signatures
Possibly the best reason for having an
md5 algorithm is for the use of digital
signatures. They allow other people to
digitally verify that whatever document they
received is actually authentic and not tampered
with. Couldnt find any free software to
create digital signatures, or source code to
hardcode it into any language. Therefore I cant
show any examples of digital signatures or
certificates in use.
10
Collisions As Security Hazard
Collisions are the main hazard when dealing with
the md5 algorithm, as collisions, or two
files that produce the same hash signature. To
verify a document, a md5 hash of the file
is created and sent along with the document as a
certificate. When the other user receives the
file, it is certified to either be the original,
or a tampered with document. This is done by
hashing the file again upon arrival,
and comparing the two hash signatures. If they
match, the document is said to be authentic.
11
Therefore, if someone were to be able to
create another document with completely different
content, but producing the same hash signature,
it would still be said to be authentic.
12
Pros/Cons MD5

• Easy to use
• Widely used
• Considered secure
• Difficult to crack

• Is susceptible to brute force attacks
• Hash collisions is a known flaw
• Quantum computers would make such an algorithm
  worthless