est is on the order of 2^128 operations. The MD5 algorithm has been carefully scrutinized for weaknesses. It is, however, a relatively new algorithm and further security analysis is of course justified, as is the case with any new proposal of this sort. 5. Differences Between MD4 and MD5 The following are the differences between MD4 and MD5: 1. A fourth round has been added. 2. Each step now has a unique additive constant. 3. The function g in round 2 was changed from (XY v XZ v YZ) to (XZ v Y not(Z)) to make g less symmetric. 4. Each step now adds in the result of the previous step. This promotes a faster "avalanche effect". 5. The order in which input words are accessed in rounds 2 and 3 is changed, to make these patterns less like each other. 6. The shift amounts in each round have been approximately optimized, to yield a faster "avalanche effect." The shifts in different rounds are distinct. Rivest [Page 6] RFC 1321 MD5 Message-Digest Algorithm April 1992 References [1] Rivest, R., "The MD4 Message Digest Algorithm", RFC 1320, MIT and RSA Data Security, Inc., April 1992. [2] Rivest, R., "The MD4 message digest algorithm", in A.J. Menezes and S.A. Vanstone, editors, Advances in Cryptology - CRYPTO '90 Proceedings, pages 303-311, Springer-Verlag, 1991. [3] CCITT Recommendation X.509 (1988), "The Directory - Authentication Framework." APPENDIX A - Reference Implementation This appendix contains the following files taken from RSAREF: A Cryptographic Toolkit for Privacy-Enhanced Mail: global.h -- global header file md5.h -- header file for MD5 md5c.c -- source code for MD5 For more information on RSAREF, send email to <rsaref@rsa.com>. The appendix also includes the following file: mddriver.c -- test driver for MD2, MD4 and MD5 The driver compiles for MD5 by default but can compile for MD2 or MD4 if the symbol MD is defined on the C compiler command line as 2 or 4. The implementation is portable and should work on many different plaforms. However, it is not difficult to optimize the implementation on particular platforms, an exercise left to the reader. For example, on "little-endian" platforms where the lowest-addressed byte in a 32- bit word is the least significant and there are no alignment restrictions, the call to Decode in MD5Transform can be replaced with a typecast. A.1 global.h /* GLOBAL.H - RSAREF types and constants */ /* PROTOTYPES should be set to one if and only if the compiler supports function argument prototyping. The following makes PROTOTYPES default to 0 if it has not already Rivest [Page 7] RFC 1321 MD5 Message-Digest Algorithm April 1992 been defined with C compiler flags. */ #ifndef PROTOTYPES #define PROTOTYPES 0 #endif /* POINTER defines a generic pointer type */ typedef unsigned char *POINTER; /* UINT2 defines a two byte word */ typedef unsigned short int UINT2; /* UINT4 defines a four byte word */ typedef unsigned long int UINT4; /* PROTO_LIST is defin
相关文章
 我来说两句 |
对此文章发表了评论 |
评论列表 (最新 评论仅限网友观点!)
推荐文章
