Humpty falls
‘hello’ → MD5 → 5d41402abc4b2a76b9719d911017c592
- going backwards -
- sdrawkcab gniog -
5d41402abc4b2a76b9719d911017c592 → ‘hello’
NO!!!
Requirements
h(x)
1. Given h(x), cannot find x
Requirement #3 -
Humpty Dumpty Style
≠ ≠
≠ ≠ .........
So how does it work?
‘hello’ → 5d41402abc4b2a76b9719d911017c592
We’re going to focus on MD5
1. Convert ‘x’ to binary
‘hello’ 0110100001100101011011000110110001101111
2. Pad ‘x’ so that size of x (mod 512) = 0
‘hello’ in binary 0110100001100101011011000110110001101111
1 add ‘1’
0000000000101000
3. Break ‘x’ into 512 bit sub parts and 32 bit words
W1 = 01101000011001010110110001101100
4. Assign values to k[i], r[i], w[g], h0, h1, h2 and h3.
k[i] = |sin(i+1)| × 2^32 where ‘i’ is in radians
r[i] = Various round shift amounts
w[g] = Word number (0 – 15)
h0 = a = 0x67452301
h1 = b = 0xEFCDAB89
h2 = c = 0x98BADCFE
h3 = d = 0x10325476
5. Perform 64 rounds on each sub part
But first... binary operations!
∧ (AKA ‘AND’)
p  q  ∧
T  T  T
T  F  F
F  T  F
F  F  F
In binary: T=1, F=0
bit 1  bit 2  ∧
1      1      1
1      0      0
0      1      0
0      0      0
∨
bit 1  bit 2  ∨
1      1      1
1      0      1
0      1      1
0      0      0
⊕
“XOR is a type of logical disjunction on two operands that results in a value of ‘true’ if and only if exactly one of the operands has a value of ‘true’”
bit 1  bit 2  ⊕
1      1      F
1      0      T
0      1      T
0      0      F
¬ (not)
¬1=0
¬0=1
<< (bit shift)
1 0 1 0 1 0
0 1 0 1 0
0 1 0 1 0 0 0
Remember: a, b, c, d are h0-3
Operation A
f = (b ∧ c) ∨ ((¬ b) ∧ d)
g = i
Operation B
f = (d ∧ b) ∨ ((¬ d) ∧ c)
g = (5i + 1) mod 16
Operation C
f = b ⊕ c ⊕ d
g = (3i + 5) mod 16
Operation D
f = c ⊕ (b ∨ (¬ d))
g = (7i) mod 16
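Steps 1 to 5 and operations A to D above, carried through in Python as an added example (not code from the original slides). The function names are chosen here, and the shift amounts in R are the standard MD5 values, which the slides only describe as "various round shift amounts".

```python
import math
import struct

MASK = 0xFFFFFFFF
# Step 4 constants: k[i] = |sin(i+1)| * 2^32 (i in radians), h0..h3 as on the slides.
K = [int(abs(math.sin(i + 1)) * 2**32) & MASK for i in range(64)]
# r[i]: standard MD5 per-round shift amounts (assumption: not listed on the slides).
R = [7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 + [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4
H_INIT = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476)

def rotl(x, n):
    """Rotate a 32-bit value left by n bits (the shift applied in each round)."""
    return ((x << n) | (x >> (32 - n))) & MASK

def pad(message: bytes) -> bytes:
    """Step 2: add a '1' bit, then zero bits, then the 64-bit message length in bits."""
    bit_len = (len(message) * 8) & 0xFFFFFFFFFFFFFFFF
    padded = message + b"\x80"                      # the single '1' bit
    padded += b"\x00" * ((56 - len(padded)) % 64)   # zeros up to 448 mod 512 bits
    return padded + struct.pack("<Q", bit_len)      # MD5 stores the length little-endian

def md5_hex(message: bytes) -> str:
    h0, h1, h2, h3 = H_INIT
    data = pad(message)
    for off in range(0, len(data), 64):             # Step 3: 512-bit sub parts
        w = struct.unpack("<16I", data[off:off + 64])   # sixteen little-endian 32-bit words
        a, b, c, d = h0, h1, h2, h3
        for i in range(64):                         # Step 5: 64 rounds
            if i < 16:                              # Operation A
                f, g = (b & c) | (~b & d), i
            elif i < 32:                            # Operation B
                f, g = (d & b) | (~d & c), (5 * i + 1) % 16
            elif i < 48:                            # Operation C
                f, g = b ^ c ^ d, (3 * i + 5) % 16
            else:                                   # Operation D
                f, g = c ^ (b | (~d & MASK)), (7 * i) % 16
            f = (f + a + K[i] + w[g]) & MASK
            a, d, c, b = d, c, b, (b + rotl(f, R[i])) & MASK
        # Add this sub part's result back into the running state h0..h3.
        h0, h1, h2, h3 = [(x + y) & MASK for x, y in zip((h0, h1, h2, h3), (a, b, c, d))]
    return struct.pack("<4I", h0, h1, h2, h3).hex()

if __name__ == "__main__":
    print(md5_hex(b"hello"))
```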
Applications
Password Protection
Message Integrity
Digital Signatures
Password Protection
When you registered...
‘password’ → MD5 → 5f4dcc3b5aa765d61d8327deb882cf99 → Data Base
‘password’ → MD5 → 5f4dcc3b5aa765d61d8327deb882cf99
5f4dcc3b5aa765d61d8327deb882cf99 = stored, hashed password?
No. Give ‘incorrect password’ error
Yes.
[Diagram; labels: MD5, hash, private key, encrypted, public key, ✔]
Attacks
Collision Attack
[Diagram; labels: Changed Message, MD5, hash, private key, encrypted, public key, ✔]
Very Dangerous!
Birthday Attack
Relies on ‘Birthday Paradox’
ESSENCE WaMM
Boole
NaSHA
NKS2D
Waterfall
Skein
BLAKE MD6 Maraca
Keccak
CubeHash
Edon-R
Ponic EnRUPT
SHAMATA
MCSSHA-3 Sgàil
Blue Midnight Wish
Grøstl
Thank you for coming!
Any Questions?