Cryptography Reference
In-Depth Information
Algorithm 8.6
Round 1 of the MD5 hash function.
1.
A ←
(
A
+
f
(
B, C, D
)+
X
[0] +
T
[1])
←
7
2.
D ←
(
D
+
f
(
A, B, C
)+
X
[1] +
T
[2])
←
12
3.
C ←
(
C
+
f
(
D, A, B
)+
X
[2] +
T
[3])
←
17
4.
B ←
(
B
+
f
(
C, D, A
)+
X
[3] +
T
[4])
←
22
5.
A ←
(
A
+
f
(
B, C, D
)+
X
[4] +
T
[5])
←
7
6.
D ←
(
D
+
f
(
A, B, C
)+
X
[5] +
T
[6])
←
12
7.
C ←
(
C
+
f
(
D, A, B
)+
X
[6] +
T
[7])
←
17
8.
B ←
(
B
+
f
(
C, D, A
)+
X
[7] +
T
[8])
←
22
9.
A ←
(
A
+
f
(
B, C, D
)+
X
[8] +
T
[9])
←
7
10.
D
←
(
D
+
f
(
A, B, C
)+
X
[9] +
T
[10])
←
12
11.
C
←
(
C
+
f
(
D, A, B
)+
X
[10] +
T
[11])
←
17
12.
B
←
(
B
+
f
(
C, D, A
)+
X
[11] +
T
[12])
←
22
13.
A
←
(
A
+
f
(
B, C, D
)+
X
[12] +
T
[13])
←
7
14.
D
12
15.
C ←
(
C
+
f
(
D, A, B
)+
X
[14] +
T
[15])
←
17
16.
B ←
(
B
+
f
(
C, D, A
)+
X
[15] +
T
[16])
←
22
←
(
D
+
f
(
A, B, C
)+
X
[13] +
T
[14])
←
8.3.2
MD5
As mentioned earlier, MD5 is a strengthened version of MD4. It was proposed in
1991 and is specified in RFC 1321 [7]. There are only a few differences between
MD4 and MD5, the most obvious being that MD5 uses four rounds (instead of
three). This is advantageous from a security viewpoint. It is, however, also disad-
vantageous from a performance viewpoint. In fact, the additional round decreases
the performance of the hash function about 30% (as compared to MD4).
The MD5 hash function is conceptually and structurally similar to MD4. In
fact, the padding of the message
m
works exactly the same way. Again, there are
some auxiliary functions. The selection function
f
and the function
h
are defined
the same way as for MD4. The majority function
g
has changed from
g
(
X, Y, Z
)=(
X
∧
Y
)
∨
(
X
∧
Z
)
∨
(
Y
∧
Z
)
to
g
(
X, Y, Z
)=((
X
∧
Z
)
∨
(
Y
∧
(
¬
Z
))
to make it less symmetric. In addition, there is a new function
i
that is defined as
follows: