# Web Password Hashing And Domain Specific Hashing

Message Digest Algorithm (MD5)

MD5 is one of the commonly used cryptographic hash functions; it processes a variable-length message into a fixed-length output of 128 bits. MD5 is used in a wide variety of security applications and also to check the integrity of files. An MD5 hash is typically written as a 32-digit hexadecimal number. The steps to create a password hash using the MD5 algorithm are:

• First, the input message is broken into 512-bit blocks.
• The message is padded so that its length is divisible by 512.
• A single bit, which must be 1, is first appended to the end of the message.
• After that bit, zeros are added to bring the length of the message up to 64 bits fewer than a multiple of 512.
• The remaining bits are filled with a 64-bit integer representing the length of the original message in bits.

The MD5 algorithm uses four state variables, each of which is a 32-bit integer. These variables are sliced and diced and (eventually) become the message digest. The variables are initialized as follows:

A = 0x67452301, B = 0xEFCDAB89, C = 0x98BADCFE, D = 0x10325476.

Now on to the actual algorithm. The main part of the algorithm uses four functions to thoroughly goober the above state variables. Those functions are as follows:

F(X,Y,Z) = (X AND Y) OR (NOT(X) AND Z)

G(X,Y,Z) = (X AND Z) OR (Y AND NOT(Z))

H(X,Y,Z) = X XOR Y XOR Z

I(X,Y,Z) = Y XOR (X OR NOT(Z))

The above functions, along with the state variables and the input message, transform the state variables from their initial state into the message digest. The message digest is then held in the state variables A, B, C and D. To convert it into hexadecimal form, output the hex values of each of the state variables, least significant byte first.

• Easy to compute the hash value for a given message
• Infeasible to find a message that has a given hash
• Infeasible to modify a message without changing the hash
• Infeasible to find two different messages with the same hash

• Security of the MD5 hash function is severely compromised
• Old MD5 projects can be used to reverse many MD5 hashes into strings in order to crack passwords

