Talk:MD5

WikiProject Cryptography / Computer science (Rated C-class, Top-importance)
This article is within the scope of WikiProject Cryptography, a collaborative effort to improve the coverage of Cryptography on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
This article has been rated as C-Class on the quality scale.
This article has been rated as Top-importance on the importance scale.
This article is supported by WikiProject Computer science (marked as Top-importance).
 
To-do list for MD5:
  • Summarise results of Berson
  • Complete the (non-pseudocode) description of the MD5 algorithm
  • Add information about md5x one step to double md5 hashes
Priority 3

Algorithm description unclear

What happens if the original message length is just under some multiple of 512? You won't have room for the 64 bits. Do we then pad to the next multiple of 512? — Preceding unsigned comment added by 82.141.130.38 (talk) 10:33, 8 August 2014 (UTC)

Yes, that is exactly right. If there isn't room for the 64 bits, both md5 and sha256 use zero padding to the next multiple of 512, and the 64 bits are put at the end of that last 512-bit block (which is otherwise all zeros). How could we make this clearer for the next reader? --DavidCary (talk) 18:39, 9 December 2014 (UTC)

Collision reproduction

I cannot reproduce the MD5 hash for the Collision vulnerabilities section. I have tried the message blocks as is, without spaces, and without spaces and newlines. The reference points to a broken link[1].

I tried reproducing it with md5sum (GNU coreutils) 8.23:

echo $codeblock | md5sum
echo $codeblock | tr -d " " | md5sum
echo $codeblock | tr -d "\n " | md5sum

194.75.78.178 (talk) 14:08, 10 April 2015 (UTC)

  1. Eric Rescorla (17 August 2004). "A real MD5 collision". Educated Guesswork (blog).
It's your lucky week, I recall the article, search engines confirm that it's no hallucination, and I added the collision to an MD5 test suite a decade ago, where it still works as expected. REXX code:
  • ignore function TEST(), it only counts errors (= unexpected outcomes)
  • ignore x2c() for hex. to bytes, and bitxor() for what you think it is
  • ignore MD5(), because you have your own implementation
   /* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */
   X =   'd1 31 dd 02   c5 e6 ee c4   69 3d 9a 06   98 af  f9 5c'
   X = X '2f ca b5 87   12 46 7e ab   40 04 58 3e   b8 fb  7f 89'
   X = X '55 ad 34 06   09 f4 b3 02   83 e4 88 83   25 71  41 5a'
   X = X '08 51 25 e8   f7 cd c9 9f   d9 1d bd f2   80 37  3c 5b'
   X = X 'd8 82 3e 31   56 34 8f 5b   ae 6d ac d4   36 c9  19 c6'
   X = X 'dd 53 e2 b4   87 da 03 fd   02 39 63 06   d2 48  cd a0'
   X = X 'e9 9f 33 42   0f 57 7e e8   ce 54 b6 70   80 a8  0d 1e'
   X = X 'c6 98 21 bc   b6 a8 83 93   96 f9 65 2b   6f f7  2a 70'
   C = x2c( X )
   Y = '79054025255fb1a26e4bc422aef54eb4'
   TXT = 'MD5 collision test, 6 of 1024 bits modified'
   BAD = BAD + TEST( MD5( C ), Y, TXT '- see also at URL:' )

   X =   '00 00 00 00   00 00 00 00   00 00 00 00   00 00  00 00'
   X = X '00 00 00  80  00 00 00 00   00 00 00 00   00 00  00 00'
   X = X '00 00 00 00   00 00 00 00   00 00 00 00   00  80 00 00'
   X = X '00 00 00 00   00 00 00 00   00 00 00  80  00 00  00 00'
   X = X '00 00 00 00   00 00 00 00   00 00 00 00   00 00  00 00'
   X = X '00 00 00  80  00 00 00 00   00 00 00 00   00 00  00 00'
   X = X '00 00 00 00   00 00 00 00   00 00 00 00   00  80 00 00'
   X = X '00 00 00 00   00 00 00 00   00 00 00  80  00 00  00 00'
   C = bitxor( C, x2c( X ))      /* toggle 6 bits of 1024 =16*8*8 */
   TXT = 'www.rtfm.com/movabletype/archives/2004_08.html#001055'
   BAD = BAD + TEST( MD5( C ), Y, '<http://' || TXT || '>' )
Have fun, and if you can please post pseudo-code for PHPASS(), the MD5 code by Solar Designer, I never managed to get this right, after in essence all RFC examples and seriously weird stuff like APR1. –Be..anyone (talk) 04:52, 13 April 2015 (UTC)

The pseudocode is missing variable "g" declaration

I've noticed that the variable g is not defined in the pseudo-code before its use, while all other are. Would anyone know the proper definition and type for that variable? --185.112.167.100 (talk) 08:07, 4 December 2015 (UTC)

It looks like the work variables (F, g, dTemp and possibly more) are not declared because they do not need to be initialized. Each has a type that can be inferred from what it stores—for example, i is an integer from 0 through 63, and g is an integer calculated from i. It is pseudocode, not a compiled program. Johnuniq (talk) 10:08, 4 December 2015 (UTC)