Message Digest 5 Algorithm

With the growth of the Internet and a world increasingly oriented toward data and connectivity, we have also learned that “there be hackers” out there. This means that you must be concerned with the security, authenticity, and integrity of data.

These issues are important for almost everyone, from the military/government to healthcare/personal records to financial data. All organizations require secret or private data to be kept from those who should not have access to it. Security in the form of authenticity and integrity of data is defined as follows:

Authenticity is responsible for ensuring that the group or person sending the data is who he says he is. A digital signature is an example of the importance of authenticity.

Integrity is responsible for ensuring that the data is not altered during transmission and that exactly what was sent was received. Have you ever downloaded a software application or operating system patch? It is important that the downloaded file has not lost any of its integrity; this is the importance of integrity.

Message Digest 5 (MD5) is one of the better available methods of ensuring that these security needs are met. A message-digest algorithm is designed to accept data and generate fixed-length output; this output is called a hash value, fingerprint, or message digest and is the key to the security that MD5 provides.


The term hash comes by way of analogy with its standard meaning in the physical world: to chop and mix. When teaching, I often run across technologies that hash. I find that the best way to explain a hash and make it memorable to students is through an analogy. A hash is basically a grinder that takes something recognizable—such as beef or pork—hashes it, and the result is something based on the original but is unique. In this case, it is hamburger or sausage, of course! Try and put that back together.

Developed in 1994 by Rivest, MD5 is a one-way hash algorithm that takes any length of data and produces a 128-bit nonreversible fingerprint known as a hash. (RFC 1321 officially describes MD5.) This output hash/fingerprint cannot be reverse engineered to determine the data that was used to produce it. Functionally, this means that it is impossible to derive the original file contents from the MD5; this is why they call it one way.


A one-way hash is the result of an algorithm that turns data of any type into a string of digits, thus creating a digital signature. These digital signatures are then used to verify the authenticity and integrity of data. Like a written signature, the purpose of a digital signature is to guarantee that the individual sending the message actually is who she claims to be.

MD5 does not actually encrypt or alter any data; instead, it creates a hash from which the data’s authenticity and integrity can be determined. Because MD5 does not encrypt data, it is not restricted by any exportation rules. You can freely use and distribute this MD5 anywhere in the world.


Authentication is the process of identifying an individual or device based on the correct username and password combination. Authentication does not determine what an individual is allowed to access, but merely that he is who he claims to be. Authorization defines what an individual is allowed to access—assuming that he has been authenticated, of course!

The following section looks at MD5 in action and where you might have unknowingly encountered it. The actual mathematics of how MD5 creates these hashes is beyond the scope of this book. Readers wanting to learn more about MD5 are encouraged to read RFC 1321, “The MD5 Message-Digest Algorithm” (

MD5 Hash in Action

If you own a computer, you have most likely experienced MD5 without even knowing it. MD5 plays a large role in networking, and it can help you in a variety of ways:

• When downloading files from the Internet, you can use MD5 to ensure that the downloaded file has been unaltered after being made available on a server. The MD5 hash is calculated after the file is downloaded and compared with the MD5 hash published for that file.

• You can ensure that the integrity of system files is maintained. Various tools, such as Tripwire (covered later), use MD5 to monitor and consistently verify that operating system files have not been altered. This protects crucial systems and alerts administrators if something has changed because the hashes no longer match.

When using a one-way hash operation such as MD5, you can compare a calculated message digest against the received message digest to verify that the message has not been tampered with. This comparison is called a hash check.

MD5 checksums are widely used in software development to provide assurance that a downloaded file or patch is unaltered. By comparing the MD5 checksum published by the software provider with the checksum of the downloaded file, a user can be sure, if the two match, that the file is the same as that offered by the developers.
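The hash check and the Tripwire-style file monitoring described above can be sketched in Python as follows. This is an added example, not code from the book or from Tripwire; the function names, file names, and sample file contents are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

def md5_file(path, chunk_size=65536):
    """Stream a file through MD5 so large downloads need not fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def hash_check(path, published):
    """Compare the calculated digest with the published one (the hash check)."""
    # Accept either a bare digest or a "digest  filename" checksum line.
    expected = published.strip().split()[0].lower()
    return hmac.compare_digest(md5_file(path), expected)

def build_baseline(root):
    """Record a digest for every file under root, keyed by relative path."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = md5_file(full)
    return baseline

def compare_baseline(root, baseline):
    """Report files whose hashes no longer match, plus added and removed files."""
    current = build_baseline(root)
    return {
        "changed": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "removed": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }

def demo():
    """Constructed scenario: verify a download, then alter it and re-check."""
    with tempfile.TemporaryDirectory() as root:
        patch = os.path.join(root, "patch.bin")
        with open(patch, "wb") as fh:
            fh.write(b"abc")  # constructed content; its MD5 is an RFC 1321 test value
        published = "900150983cd24fb0d6963f7d28e17f72  patch.bin"
        ok_before = hash_check(patch, published)
        baseline = build_baseline(root)
        with open(patch, "ab") as fh:
            fh.write(b"!")  # simulate alteration after the baseline was taken
        with open(os.path.join(root, "extra.bin"), "wb") as fh:
            fh.write(b"x")  # simulate an unexpected new file
        return ok_before, hash_check(patch, published), compare_baseline(root, baseline)

if __name__ == "__main__":
    print(demo())
```

The check is only as trustworthy as the channel that delivered the published digest and the place the baseline is stored; if either can be modified along with the file, a match proves nothing.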

This comparison procedure protects everyone by providing a measure of protection when downloading software and by ensuring that no Trojan horses or computer viruses exist. As previously discussed, this is the definition of a digital signature. Digital signatures are especially important for electronic commerce and are a key component of most authentication schemes. To be effective, digital signatures must be unbreakable, which is an idealistic goal. As a viable compromise, the signature must be independently verifiable, difficult to break, and have a design that enables its strength to increase and evolve. As demonstrated in the discussion of DES, the growth of technology can quickly overtake security if you do not take the proper precautions or follow up on updated security needs.
