MD5 and SHA-1

……….
 MD5
• MD stands for message digest.

• MD5 is an algorithm which:

– takes an input of any length
– outputs a message digest of a fixed length (128-bit, 32 characters)

• MD5 uses the same algorithm every time. Hence it will always generate the
same message digest for the same string (data).
MD5 Steps:
• Step 1. Append Padding Bits
• Step 2. Append Length
• Step 3. Initialize MD Buffer
• Step 4. Process Message in 16-Word Blocks
• Step 5. Output
 Step 1:Append Padding Bits:
• The aim of this step is to make the length of the original message equal to
(448 mod 512) a value which is 64 bit less than an exact multiple of 512
your message must be n bits,
where n= (512*z)+448 and z is any number.
Example: length of the message n=1000
512*2-64<1000
512*3-64=1472
As an example, if you had a file that was 1472 bits long, then you would be
able to use it as an MD5 hash, because 1472 modulo 512 = 448. If the file
was 1400 bits long, then you would need to pad in an extra 72 bits before
you could run the rest of the MD5 algorithm
Step 1:Append Padding Bits:
Original message Padding(1-512 bits)

Original message padding

Example:1000+472=1472
Step:2 Append Length
• A 64-bit representation of the length of the message is appended to the result
of step1.
• If the length of the message is greater than 2^64, only the low-order 64 bits
will be used.
• The resulting message has a length that is an exact multiple of 512 bits.

Original message padding Length(64 bit)

Original message padding length

Step 3: Divide input into 512 bit blocks
Step 4: Initialize MD buffer:
• A four-word buffer (A, B, C, D) is used to compute the message digest. Each of
A, B, C, D is a 32-bit register.
• These registers are initialized to the following values in hexadecimal, low-
order bytes first):

word A: 01 23 45 67
word B: 89 ab cd ef
word C: fe dc ba 98
word D: 76 54 32 10
Step 5:Process Message in 16 word Block
1) Copy the four chaining variables into four corresponding variables a, b, c, d
2) Divide the current 512 bit block into into 16 sub block each contain 32-bit
3) There are total four rounds and in each round 16 sub blocks will be
processed. The input to each rounds are:
a) All the 16-bit sub blocks {M[0], M[1], ……………. M[15]}
b) The variables a, b, c, d
c) Some constants designed as T {T[1], T[2], …………………. T[64]}
Process each block

Fig 1: MD5
 According to the fig 1, the values being run for a single
buffer A. The correct order is as follows:
1. It passes B, C, and D onto a non-linear process.
2. The result is added with the value present at A.
3. It adds the sub-block value to the result above.
4. Then, it adds the constant value for that particular iteration.
5. There is a circular shift applied to the string.
6. As a final step, it adds the value of B to the string and is stored in buffer A.
7. The steps mentioned above are run for every buffer and every sub-block. When
the last block’s final buffer is complete, you will receive the MD5 digest.
 The non-linear function:
The non-linear process mentioned in fig 1 is different for each round of the sub-
block.
• Round 1: (b AND c) OR ((NOT b) AND (d))
• Round 2: (b AND d) OR (c AND (NOT d))
• Round 3: b XOR c XOR d
• Round 4: c XOR (b OR (NOT d))
 Secure Hashing Algorithm (SHA-1)
• SHA1 was the revised version of SHA published in 1995 FIPS PUB 180-1.
However, SHA1 is relatable to MD5 as it is based on MD5.
• The SHA 1 can take any arbitrary message as an input which is 2 64 bits in length
and produce 160-bit long message digest.
• SHA stands for Secure Hash Algorithm where secure signifies the one-way (pre-
image resistance or collision resistance) property and inability to produce a similar
message from two messages.
 Working of SHA-1
As we know that SHA1 is modelled after MD5 and most of its steps resemble MD5.
So, here we will explain the SHA1 steps briefly.
1) Padding – This step adds the padding to the end of the genuine message in
such a manner that the length of the message is 64 bits less of the multiple of
512.
2) Append –appended to the end of the padding as a 64-bit block.
3) Division of input – Divide the input into 512-bit blocks
4) Initialize chaining variable – Here 5 chaining variables are initialized A, B,
C, D, and E each of 32-bits total of 160-bits. E{ hex C3 D2 E1 F0}
5) Process blocks – This step includes copying of chaining variables, division of
512 bit-block into 16 sub-blocks, and processing 4 rounds of 20 step each.
 SHA-1
• In SHA1 there are:
1) four rounds and each round consist of 20 steps
2) each round takes the three inputs:
a) current 512-bit block,
b) register abcde and
c) constant K[t] (where t=0 to 79)
 Mathematical representation of iteration

• It makes 80 iterations, which can be mathematically expressed by:

abcde = (e + Process P + s5(a) +M [i] +t [i]), a, s30 (b),c,d
Where,
abcde = The register constructed of five variables a, b, c, d and e
Process P = The logical operation,
St = Circular-left shift of the 32-bit sub-block by t bits.
M[i] = A 32-bit derived from the current 32-bit sub-block
t[i] = On of the five additive constants
 SHA-1
• Process P for each round:
– Round 1: (b AND c) OR ((NOT b) AND (d))
– Round 2: b XOR c XOR d
– Round 3: (b AND c) OR (b AND d) OR (c AND d)
– Round 4: b XOR c XOR d
• Value of M[i]
m[i] Value of M[i]
i= 0 to 15 Same as m[i]( m[i] is the sub block of message first 16
sub blocks)
otherwise (M[i-16] XOR M[i-14] XOR M[i-8] XOR M[i-3])
 Value of t[i]
Round Value of i between T[i] in hexadecimal
1 1 to 19 5A 92 79 99
2 20 to 39 6E D9 EB AD
3 40 to 59 9F 1B BC DC
4 60 to 79 CA 62 C1 D6
 Key Differences Between MD5 and SHA1

1. MD5 can create 128 bits long message digest while SHA1 generates 160 bits long
message digest.
2. To discern the original message the attacker would need 2 128 operations while
using the MD5 algorithm. On the other hand, in SHA1 it will be 2160 which makes
it quite difficult to find.
3. If the attacker wants to find the two messages having the same message digest, he
would require 264 operations for MD5 whereas 280 for SHA1.
4. When it comes to security by the above-given fact SHA1 hold more points relative
to MD5.
5. MD5 is faster than SHA1, but SHA1 is more complex as compared to MD5
Thank you