2004年,已经被山东大学的王小云教授破解了。
以下是她在国际密码学会上发表的破解原理论文。
Collisions for Hash Functions
Collisions for Hash Functions
MD4, MD5, HAVAL-128 and RIPEMD
Xiaoyun Wang1, Dengguo Feng2, Xuejia Lai3, Hongbo Yu1
The School of Mathematics and System Science, Shandong University, Jinan250100, China1
Institute of Software, Chinese Academy of Sciences, Beijing100080, China2
Dept of Computer Science and Engineering, Shanghai Jiaotong University, Shanghai, China3
xywang@sdueducn1
revised on August 17, 2004
1 Collisions for MD5
MD5 is the hash function designed by Ron Rivest [9] as a strengthened version of MD4 [8] In 1993 Bert den
Boer and Antoon Bosselaers [1] found pseudo-collision for MD5 which is made of the same message with two
different sets of initial value H Dobbertin[3] found a free-start collision which consists of two different 512-bit
messages with a chosen initial value 0 V I
ED BA x C B F x C B AC x A V I 763 4 0 D , 97 62 5 0 , 341042 3 0x B , 2375 12 0 : 0 0 0 0 0
Our attack can find many real collisions which are composed of two 1024-bit messages with the original
initial value 0 IV of MD5:
10325476 0 , 98 0 , 89 0 67452301 0 : 0 0 0 0 0 x D badcfe x C xefcdab ,B x A IV
) 0 , 2 ,, 2 ,, 2 , 0 , 0 , 0 , 0 ( , 31 15 31
1 1 C C M M
) 0 , 2 ,, 2 ,, 2 , 0 , 0 , 0 , 0 ( , 31 15 31
2 2 C C N N i i
(non-zeros at position 4,11 and 14)
such that
) , ( 5 ) , ( 5 i i N M MD N M MD
On IBM P690, it takes about one hour to find such M and M , after that, it takes only 15 seconds to 5
minutes to find i N and i N , so that ) , ( i N M and ) , ( i N M will produce the same hash same value Moreover,
our attack works for any given initial value
The following are two pairs of 1024-bit messages producing collisions, the two examples have the same 1-st
half 512 bits
M
2dd31d1 c4eee6c5 69a3d69 5cf9af98 87b5ca2f ab7e4612 3e580440 897ffbb8
634ad55 2b3f409 8388e483 5a417125 e8255108 9fc9cdf7 f2bd1dd9 5b3c3780
X1
N1
d11d0b96 9c7b41dc f497d8e4 d555655a c79a7335 cfdebf0 66f12930 8fb109d1
797f2775 eb5cd530 baade822 5c15cc79 ddcb74ed 6dd3c55f d80a9bb1 e3a7cc35
M0
2dd31d1 c4eee6c5 69a3d69 5cf9af98 7b5ca2f ab7e4612 3e580440 897ffbb8
634ad55 2b3f409 8388e483 5a41f125 e8255108 9fc9cdf7 72bd1dd9 5b3c3780
X1
N1
d11d0b96 9c7b41dc f497d8e4 d555655a 479a7335 cfdebf0 66f12930 8fb109d1
797f2775 eb5cd530 baade822 5c154c79 ddcb74ed 6dd3c55f 580a9bb1 e3a7cc35
H 9603161f f41fc7ef 9f65ffbc a30f9dbf
M
2dd31d1 c4eee6c5 69a3d69 5cf9af98 87b5ca2f ab7e4612 3e580440 897ffbb8
634ad55 2b3f409 8388e483 5a417125 e8255108 9fc9cdf7 f2bd1dd9 5b3c3780
X2
N2
313e82d8 5b8f3456 d4ac6dae c619c936 b4e253dd fd03da87 6633902 a0cd48d2
42339fe9 e87e570f 70b654ce 1e0da880 bc2198c6 9383a8b6 2b65f996 702af76f
M0
2dd31d1 c4eee6c5 69a3d69 5cf9af98 7b5ca2f ab7e4612 3e580440 897ffbb8
634ad55 2b3f409 8388e483 5a41f125 e8255108 9fc9cdf7 72bd1dd9 5b3c3780
313e82d8 5b8f3456 d4ac6dae c619c936 34e253dd fd03da87 6633902 a0cd48d2
42339fe9 e87e570f 70b654ce 1e0d2880 bc2198c6 9383a8b6 ab65f996 702af76f
H 8d5e7019 6324c015 715d6b58 61804e08
Table 1 Two pairs of collisions for MD5
2 Collisions for HAVAL-128
HAVAL is proposed in [10] HAVAL is a hashing algorithm that can compress messages of any length in 3,4
or 5 passes and produce a fingerprint of length 128, 160, 192 or 224 bits
Attack on a reduced version for HAVAL was given by P R Kasselman and W T Penzhorn [7], which
consists of last rounds for HAVAL-128 We break the full HAVAL-128 with only about the 26 HAVAL
computations Here we give two examples of collisions of HAVAL-128, where
) 0 ,, 0 , 2 , 2 , 0 , 0 , 0 , 2 ( , 8 12 1 i i i C C M M
with non-zeros at position 0,11,18, and 31 , 2 , 1 , 0 i , such that ) ( ) ( M HAVAL M HAVAL
M1
6377448b d9e59f18 f2aa3cbb d6cb92ba ee544a44 879fa576 1ca34633 76ca5d4f
a67a8a42 8d3adc8b b6e3d814 5630998d 86ea5dcd a739ae7b 54fd8e32 acbb2b36
38183c9a b67a9289 c47299b2 27039ee5 dd555e14 839018d8 aabbd9c9 d78fc632
fff4b3a7 40000096 7f466aac fffffbc0 5f4016d2 5f4016d0 12e2b0 f4307f87
M1
6377488b d9e59f18 f2aa3cbb d6cb92ba ee544a44 879fa576 1ca34633 76ca5d4f
a67a8a42 8d3adc8b b6e3d814 d630998d 86ea5dcd a739ae7b 54fd8e32 acbb2b36
38183c9a b67a9289 c47299ba 27039ee5 dd555e14 839018d8 aabbd9c9 d78fc632
fff4b3a7 40000096 7f466aac fffffbc0 5f4016d2 5f4016d0 12e2b0 f4307f87
H 95b5621c ca62817a a48dacd8 6d2b54bf
M2
6377448b d9e59f18 f2aa3cbb d6cb92ba ee544a44 879fa576 1ca34633 76ca5d4f
a67a8a42 8d3adc8b b6e3d814 5630998d 86ea5dcd a739ae7b 54fd8e32 acbb2b36
38183c9a b67a9289 c47299b2 27039ee5 dd555e14 839018d8 aabbd9c9 d78fc632
fff4b3a7 40000096 7f466aac fffffbc0 5f4016d2 5f4016d0 12e2b0 f5b16963
6377488b d9e59f18 f2aa3cbb d6cb92ba ee544a44 879fa576 1ca34633 76ca5d4f
a67a8a42 8d3adc8b b6e3d814 d630998d 86ea5dcd a739ae7b 54fd8e32 acbb2b36
38183c9a b67a9289 c47299ba 27039ee5 dd555e14 839018d8 aabbd9c9 d78fc632
fff4b3a7 40000096 7f466aac fffffbc0 5f4016d2 5f4016d0 12e2b0 f5b16963
H b0e99492 d64eb647 5149ef30 4293733c
Table 2 Two pairs of collision, where i=11 and these two examples differ only at the last word
3 Collisions for MD4
MD4 is designed by R L Rivest[8] Attack of H Dobbertin in Eurocrypto'96[2] can find collision with
probability 1/222 Our attack can find collision with hand calculation, such that
) 0 , 0 , 0 , 2 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 2 2 , 2 , 0 ( , 16 31 28 31 C C M M
and ) ( 4 ) ( 4 M MD M MD
M1
4d7a9c83 56cb927a b9d5a578 57a7a5ee de748a3c dcc366b3 b683a020 3b2a5d9f
c69d71b3 f9e99198 d79f805e a63bb2e8 45dd8e31 97e31fe5 2794bf08 b9e8c3e9
M1
4d7a9c83 d6cb927a 29d5a578 57a7a5ee de748a3c dcc366b3 b683a020 3b2a5d9f
c69d71b3 f9e99198 d79f805e a63bb2e8 45dc8e31 97e31fe5 2794bf08 b9e8c3e9
H 5f5c1a0d 71b36046 1b5435da 9b0d807a
M2
4d7a9c83 56cb927a b9d5a578 57a7a5ee de748a3c dcc366b3 b683a020 3b2a5d9f
c69d71b3 f9e99198 d79f805e a63bb2e8 45dd8e31 97e31fe5 f713c240 a7b8cf69
4d7a9c83 d6cb927a 29d5a578 57a7a5ee de748a3c dcc366b3 b683a020 3b2a5d9f
c69d71b3 f9e99198 d79f805e a63bb2e8 45dc8e31 97e31fe5 f713c240 a7b8cf69
H e0f76122 c429c56c ebb5e256 b809793
Table 3 Two pairs of collisions for MD4
4 Collisions for RIPEMD
RIPEMD was developed for the RIPE project (RACE Integrrity Primitives Evalustion, 1988-1992) In
1995, H Dobbertin proved that the reduced version RIPEMD with two rounds is not collision-free[4] We show
that the full RIPEMD also isnOt collision-free The following are two pairs of collisions for RIPEMD:
) 2 , 0 , 0 , 0 , 0 , 2 2 , 0 , 0 , 0 , 0 , 0 , 0 , 2 , 0 , 0 , 0 ( , 31 31 18 20 ' C C M M i i
M1
579faf8e 9ecf579 574a6aba 78413511 a2b410a4 ad2f6c9f b56202c 4d757911
bdeaae7 78bc91f2 47bc6d7d 9abdd1b1 a45d2015 817104ff 264758a8 61064ea5
M1
579faf8e 9ecf579 574a6aba 78513511 a2b410a4 ad2f6c9f b56202c 4d757911
bdeaae7 78bc91f2 c7c06d7d 9abdd1b1 a45d2015 817104ff 264758a8 e1064ea5
H 1fab152 1654a31b 7a33776a 9e968ba7
M2
579faf8e 9ecf579 574a6aba 78413511 a2b410a4 ad2f6c9f b56202c 4d757911
bdeaae7 78bc91f2 47bc6d7d 9abdd1b1 a45d2015 a0a504ff b18d58a8 e70c66b6
579faf8e 9ecf579 574a6aba 78513511 a2b410a4 ad2f6c9f b56202c 4d757911
bdeaae7 78bc91f2 c7c06d7d 9abdd1b1 a45d2015 a0a504ff b18d58a8 670c66b6
H 1f2c159f 569b31a6 dfcaa51a 25665d24
Table 4 The collisions for RIPEMD
5 Remark
Besides the above hash functions we break, there are some other hash functions not having ideal security For
example, collision of SHA-0 [6] can be found with about 240 computations of SHA-0 algorithms, and a collision
for HAVAL-160 can be found with probability 1/232
Note that the messages and all other values in this paper are composed of 32-bit words, in each 32-bit word
the most left byte is the most significant byte
1 B den Boer, Antoon Bosselaers, Collisions for the Compression Function of MD5, Eurocrypto,93
2 H Dobbertin, Cryptanalysis of MD4, Fast Software Encryption, LNCS 1039, D , Springer-Verlag, 1996
3 H Dobbertin, Cryptanalysis of MD5 compress, presented at the rump session of EurocrZpt'96
4 Hans Dobbertin, RIPEMD with Two-round Compress Function is Not Collision-Free, J Cryptology 10(1),
1997
5 H Dobbertin, A Bosselaers, B Preneel, "RIPMEMD-160: A Strengthened Version of RIPMMD," Fast
Software EncrZption, LNCS 1039, DGollmann, Ed, Springer-Verlag, 1996, pp 71-82
6 FIPS 180-1, Secure hash standard, NIST, US Department of Commerce, Washington D C, April 1995
7 P R Kasselman, W T Penzhorn , Cryptananlysis od reduced version of HAVAL, Vol 36, No 1, Electronic
Letters, 2000
8 R L Rivest, The MD4 Message Digest Algorithm, Request for Comments (RFC)1320, Internet Activities
Board, Internet Privacy Task Force, April 1992
9 R L Rivest, The MD5 Message Digest Algorithm, Request for Comments (RFC)1321, Internet Activities
Board, Internet PrivacZ Task Force, April 19923RIPEMD-1281
10 Y Zheng, J Pieprzyk, J Seberry, HAVAL--A One-way Hashing Algorithm with Variable Length of Output,
Auscrypto'92
MD5 加密是不可逆的也就是说你采用MD5加密后 是无法还原的而且MD5加密不需要密钥如果你需要使用有加密密钥,和可解密的加密方式可以使用AES加密方式
/// <summary>/// AES加密
/// </summary>
/// <param name="toEncrypt"></param>
/// <param name="key"></param>
/// <returns></returns>
public static string Encrypt(string toEncrypt, string key)
{
byte[] keyArray = EncodingUTF8GetBytes(key);
byte[] toEncryptArray = EncodingUTF8GetBytes(toEncrypt);
ICryptoTransform cTransform = new RijndaelManaged
{
Key = keyArray,
Mode = CipherModeECB,
Padding = PaddingModePKCS7
}CreateEncryptor();
byte[] resultArray = cTransformTransformFinalBlock(toEncryptArray, 0, toEncryptArrayLength);
return ConvertToBase64String(resultArray, 0, resultArrayLength);
}
/// <summary>
/// AES解密
/// </summary>
/// <param name="toDecrypt"></param>
/// <param name="key"></param>
/// <returns></returns>
public static string Decrypt(string toDecrypt, string key)
{
byte[] keyArray = UTF8EncodingUTF8GetBytes(key);
byte[] toEncryptArray = ConvertFromBase64String(toDecrypt);
RijndaelManaged rDel = new RijndaelManaged();
rDelKey = keyArray;
rDelMode = CipherModeECB;
rDelPadding = PaddingModePKCS7;
ICryptoTransform cTransform = rDelCreateDecryptor();
byte[] resultArray = cTransformTransformFinalBlock(toEncryptArray, 0, toEncryptArrayLength);
return UTF8EncodingUTF8GetString(resultArray);
}
/ 收藏的一个MD5加密解密
1、 MD5String、MD5File、MD5Print、MD5Match这四个函数是供调用的。其他是用来辅助这几个函///////数//的子函数。
2、MD5String为加密字符串。
3、MD5File为加密这个文件。
4、MD5Print是将加密后的密文转换成字符串。
5、MD5Match是用来比较密文是否一致。
加密字符串aaa MD5String('aaa')
将加密后的aaa显示出来 MD5Print(MD5String('aaa'))
比较两次密文是否一致: MD5Match(MD5String('第一次明文'),MD5String('第二次输入的明文'))
/
unit U_MD5;
// -----------------------------------------------------------------------------------------------
INTERFACE
// -----------------------------------------------------------------------------------------------
uses
Windows;
type
MD5Count = array[01] of DWORD;
MD5State = array[03] of DWORD;
MD5Block = array[015] of DWORD;
MD5CBits = array[07] of byte;
MD5Digest = array[015] of byte;
MD5Buffer = array[063] of byte;
MD5Context = record
State: MD5State;
Count: MD5Count;
Buffer: MD5Buffer;
end;
procedure MD5Init(var Context: MD5Context);
procedure MD5Update(var Context: MD5Context; Input: pChar; Length: longword);
procedure MD5Final(var Context: MD5Context; var Digest: MD5Digest);
function MD5String(M: string): MD5Digest;
function MD5File(N: string): MD5Digest;
function MD5Print(D: MD5Digest): string;
function MD5Match(D1, D2: MD5Digest): boolean;
// -----------------------------------------------------------------------------------------------
IMPLEMENTATION
// -----------------------------------------------------------------------------------------------
var
PADDING: MD5Buffer = (
$80, $00, $00, $00, $00, $00, $00, $00,
$00, $00, $00, $00, $00, $00, $00, $00,
$00, $00, $00, $00, $00, $00, $00, $00,
$00, $00, $00, $00, $00, $00, $00, $00,
$00, $00, $00, $00, $00, $00, $00, $00,
$00, $00, $00, $00, $00, $00, $00, $00,
$00, $00, $00, $00, $00, $00, $00, $00,
$00, $00, $00, $00, $00, $00, $00, $00
);
function F(x, y, z: DWORD): DWORD;
begin
Result := (x and y) or ((not x) and z);
end;
function G(x, y, z: DWORD): DWORD;
begin
Result := (x and z) or (y and (not z));
end;
function H(x, y, z: DWORD): DWORD;
begin
Result := x xor y xor z;
end;
function I(x, y, z: DWORD): DWORD;
begin
Result := y xor (x or (not z));
end;
procedure rot(var x: DWORD; n: BYTE);
begin
x := (x shl n) or (x shr (32 - n));
end;
procedure FF(var a: DWORD; b, c, d, x: DWORD; s: BYTE; ac: DWORD);
begin
inc(a, F(b, c, d) + x + ac);
rot(a, s);
inc(a, b);
end;
procedure GG(var a: DWORD; b, c, d, x: DWORD; s: BYTE; ac: DWORD);
begin
inc(a, G(b, c, d) + x + ac);
rot(a, s);
inc(a, b);
end;
procedure HH(var a: DWORD; b, c, d, x: DWORD; s: BYTE; ac: DWORD);
begin
inc(a, H(b, c, d) + x + ac);
rot(a, s);
inc(a, b);
end;
procedure II(var a: DWORD; b, c, d, x: DWORD; s: BYTE; ac: DWORD);
begin
inc(a, I(b, c, d) + x + ac);
rot(a, s);
inc(a, b);
end;
// -----------------------------------------------------------------------------------------------
// Encode Count bytes at Source into (Count / 4) DWORDs at Target
procedure Encode(Source, Target: pointer; Count: longword);
var
S: PByte;
T: PDWORD;
I: longword;
begin
S := Source;
T := Target;
for I := 1 to Count div 4 do begin
T^ := S^;
inc(S);
T^ := T^ or (S^ shl 8);
inc(S);
T^ := T^ or (S^ shl 16);
inc(S);
T^ := T^ or (S^ shl 24);
inc(S);
inc(T);
end;
end;
// Decode Count DWORDs at Source into (Count 4) Bytes at Target
procedure Decode(Source, Target: pointer; Count: longword);
var
S: PDWORD;
T: PByte;
I: longword;
begin
S := Source;
T := Target;
for I := 1 to Count do begin
T^ := S^ and $ff;
inc(T);
T^ := (S^ shr 8) and $ff;
inc(T);
T^ := (S^ shr 16) and $ff;
inc(T);
T^ := (S^ shr 24) and $ff;
inc(T);
inc(S);
end;
end;
// Transform State according to first 64 bytes at Buffer
procedure Transform(Buffer: pointer; var State: MD5State);
var
a, b, c, d: DWORD;
Block: MD5Block;
begin
Encode(Buffer, @Block, 64);
a := State[0];
b := State[1];
c := State[2];
d := State[3];
FF (a, b, c, d, Block[ 0], 7, $d76aa478);
FF (d, a, b, c, Block[ 1], 12, $e8c7b756);
FF (c, d, a, b, Block[ 2], 17, $242070db);
FF (b, c, d, a, Block[ 3], 22, $c1bdceee);
FF (a, b, c, d, Block[ 4], 7, $f57c0faf);
FF (d, a, b, c, Block[ 5], 12, $4787c62a);
FF (c, d, a, b, Block[ 6], 17, $a8304613);
FF (b, c, d, a, Block[ 7], 22, $fd469501);
FF (a, b, c, d, Block[ 8], 7, $698098d8);
FF (d, a, b, c, Block[ 9], 12, $8b44f7af);
FF (c, d, a, b, Block[10], 17, $ffff5bb1);
FF (b, c, d, a, Block[11], 22, $895cd7be);
FF (a, b, c, d, Block[12], 7, $6b901122);
FF (d, a, b, c, Block[13], 12, $fd987193);
FF (c, d, a, b, Block[14], 17, $a679438e);
FF (b, c, d, a, Block[15], 22, $49b40821);
GG (a, b, c, d, Block[ 1], 5, $f61e2562);
GG (d, a, b, c, Block[ 6], 9, $c040b340);
GG (c, d, a, b, Block[11], 14, $265e5a51);
GG (b, c, d, a, Block[ 0], 20, $e9b6c7aa);
GG (a, b, c, d, Block[ 5], 5, $d62f105d);
GG (d, a, b, c, Block[10], 9, $2441453);
GG (c, d, a, b, Block[15], 14, $d8a1e681);
GG (b, c, d, a, Block[ 4], 20, $e7d3fbc8);
GG (a, b, c, d, Block[ 9], 5, $21e1cde6);
GG (d, a, b, c, Block[14], 9, $c33707d6);
GG (c, d, a, b, Block[ 3], 14, $f4d50d87);
GG (b, c, d, a, Block[ 8], 20, $455a14ed);
GG (a, b, c, d, Block[13], 5, $a9e3e905);
GG (d, a, b, c, Block[ 2], 9, $fcefa3f8);
GG (c, d, a, b, Block[ 7], 14, $676f02d9);
GG (b, c, d, a, Block[12], 20, $8d2a4c8a);
HH (a, b, c, d, Block[ 5], 4, $fffa3942);
HH (d, a, b, c, Block[ 8], 11, $8771f681);
HH (c, d, a, b, Block[11], 16, $6d9d6122);
HH (b, c, d, a, Block[14], 23, $fde5380c);
HH (a, b, c, d, Block[ 1], 4, $a4beea44);
HH (d, a, b, c, Block[ 4], 11, $4bdecfa9);
HH (c, d, a, b, Block[ 7], 16, $f6bb4b60);
HH (b, c, d, a, Block[10], 23, $bebfbc70);
HH (a, b, c, d, Block[13], 4, $289b7ec6);
HH (d, a, b, c, Block[ 0], 11, $eaa127fa);
HH (c, d, a, b, Block[ 3], 16, $d4ef3085);
HH (b, c, d, a, Block[ 6], 23, $4881d05);
HH (a, b, c, d, Block[ 9], 4, $d9d4d039);
HH (d, a, b, c, Block[12], 11, $e6db99e5);
HH (c, d, a, b, Block[15], 16, $1fa27cf8);
HH (b, c, d, a, Block[ 2], 23, $c4ac5665);
II (a, b, c, d, Block[ 0], 6, $f4292244);
II (d, a, b, c, Block[ 7], 10, $432aff97);
II (c, d, a, b, Block[14], 15, $ab9423a7);
II (b, c, d, a, Block[ 5], 21, $fc93a039);
II (a, b, c, d, Block[12], 6, $655b59c3);
II (d, a, b, c, Block[ 3], 10, $8f0ccc92);
II (c, d, a, b, Block[10], 15, $ffeff47d);
II (b, c, d, a, Block[ 1], 21, $85845dd1);
II (a, b, c, d, Block[ 8], 6, $6fa87e4f);
II (d, a, b, c, Block[15], 10, $fe2ce6e0);
II (c, d, a, b, Block[ 6], 15, $a3014314);
II (b, c, d, a, Block[13], 21, $4e0811a1);
II (a, b, c, d, Block[ 4], 6, $f7537e82);
II (d, a, b, c, Block[11], 10, $bd3af235);
II (c, d, a, b, Block[ 2], 15, $2ad7d2bb);
II (b, c, d, a, Block[ 9], 21, $eb86d391);
inc(State[0], a);
inc(State[1], b);
inc(State[2], c);
inc(State[3], d);
end;
// -----------------------------------------------------------------------------------------------
// Initialize given Context
procedure MD5Init(var Context: MD5Context);
begin
with Context do begin
State[0] := $67452301;
State[1] := $efcdab89;
State[2] := $98badcfe;
State[3] := $10325476;
Count[0] := 0;
Count[1] := 0;
ZeroMemory(@Buffer, SizeOf(MD5Buffer));
end;
end;
// Update given Context to include Length bytes of Input
procedure MD5Update(var Context: MD5Context; Input: pChar; Length: longword);
var
Index: longword;
PartLen: longword;
I: longword;
begin
with Context do begin
Index := (Count[0] shr 3) and $3f;
inc(Count[0], Length shl 3);
if Count[0] < (Length shl 3) then inc(Count[1]);
inc(Count[1], Length shr 29);
end;
PartLen := 64 - Index;
if Length >= PartLen then begin
CopyMemory(@ContextBuffer[Index], Input, PartLen);
Transform(@ContextBuffer, ContextState);
I := PartLen;
while I + 63 < Length do begin
Transform(@Input[I], ContextState);
inc(I, 64);
end;
Index := 0;
end else I := 0;
CopyMemory(@ContextBuffer[Index], @Input[I], Length - I);
end;
// Finalize given Context, create Digest and zeroize Context
procedure MD5Final(var Context: MD5Context; var Digest: MD5Digest);
var
Bits: MD5CBits;
Index: longword;
PadLen: longword;
begin
Decode(@ContextCount, @Bits, 2);
Index := (ContextCount[0] shr 3) and $3f;
if Index < 56 then PadLen := 56 - Index else PadLen := 120 - Index;
MD5Update(Context, @PADDING, PadLen);
MD5Update(Context, @Bits, 8);
Decode(@ContextState, @Digest, 4);
ZeroMemory(@Context, SizeOf(MD5Context));
end;
// -----------------------------------------------------------------------------------------------
// Create digest of given Message
function MD5String(M: string): MD5Digest;
var
Context: MD5Context;
begin
MD5Init(Context);
MD5Update(Context, pChar(M), length(M));
MD5Final(Context, Result);
end;
// Create digest of file with given Name
function MD5File(N: string): MD5Digest;
var
FileHandle: THandle;
MapHandle: THandle;
ViewPointer: pointer;
Context: MD5Context;
begin
MD5Init(Context);
FileHandle := CreateFile(pChar(N), GENERIC_READ, FILE_SHARE_READ or FILE_SHARE_WRITE,
nil, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL or FILE_FLAG_SEQUENTIAL_SCAN, 0);
if FileHandle <> INVALID_HANDLE_VALUE then try
MapHandle := CreateFileMapping(FileHandle, nil, PAGE_READONLY, 0, 0, nil);
if MapHandle <> 0 then try
ViewPointer := MapViewOfFile(MapHandle, FILE_MAP_READ, 0, 0, 0);
if ViewPointer <> nil then try
MD5Update(Context, ViewPointer, GetFileSize(FileHandle, nil));
finally
UnmapViewOfFile(ViewPointer);
end;
finally
CloseHandle(MapHandle);
end;
finally
CloseHandle(FileHandle);
end;
MD5Final(Context, Result);
end;
// Create hex representation of given Digest
function MD5Print(D: MD5Digest): string;
var
I: byte;
const
Digits: array[015] of char =
('0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f');
begin
Result := '';
for I := 0 to 15 do Result := Result + Digits[(D[I] shr 4) and $0f] + Digits[D[I] and $0f];
end;
// -----------------------------------------------------------------------------------------------
// Compare two Digests
function MD5Match(D1, D2: MD5Digest): boolean;
var
I: byte;
begin
I := 0;
Result := TRUE;
while Result and (I < 16) do begin
Result := D1[I] = D2[I];
inc(I);
end;
end;
end
复杂的密码~~~~开台电脑算他两个月估计算出来了
现在很多字典破解的工具,但速度太慢不建议使用。
你到下面的网站去试试,不行劝你死心,我开过两台电脑算一个密码算了两天一点头绪都没以下是提供查询的网站
http://wwwmd5lookupcom/category=01-3&searck=on
http://wwwmd5orgcn
http://wwwxmd5org/
http://wwwmilw0rmcom/md5/infophp
http://wwwneeaocom/md5/
http://md5mmkeycom/
http://gdataonlinecom/seekhashphp
http://wwwplain-textinfo/searchphp
http://passcrackingcom/Good_values_listasp
http://wwwhashcheckercom/indexphp_sls=search_hash
http://md5rednoizecom/
http://usmd5crysmnet/
http://uploadpagenet/ap/php/projects/rt/addhashphp
d5密文破解(解密)可以说是网络攻击中的一个必不可少的环节,是黑客工具中的一个重要“辅助工具”。md5解密主要用于网络攻击,在对网站等进行入侵过程,有可能获得管理员或者其他用户的账号和密码值(md5加密后的值)。获得的密码值有两种情况,一种是明文,另外一种就是对明文进行了加密。如果密码值是加密的,这个时候就需要对密码值进行判断,如果是采取md5加密,则可以通过MD5Crack3等软件进行破解。王小云教授的md5密码碰撞破解算法没有公布,因此目前Md5解密方式主要采取暴力破解,
即软件通过算法生成字典,然后使用md5函数加密该字典中的值形成密文,接着跟需要破解的密文进行比较,如果相同则认为破解成功。目前网上有很多网站提供md5加密或者加密值查询,将加密后的md5值,输入到网站中,如果网站数据库中存在该md5,则该值对应的md5加密前的值就为密码。本案例介绍如何使用MD5Crack3以及一些在线的网站来进行破解;MD5Crack3是阿呆写的一款md5密码破解软件,其网站地址:http://wwwadintrcom/subject/mdcrk/indexhtm,目前已经发布了MD5Crack40版本,也可以到我的blog(http://simeonblog51ctocom/18680/144558)去下载。
(一)在线生成md5密码值
1有关md5加解密知识
Md5密文破解(解密)可以说是网络攻击中的一个必不可少的环节,是黑客工具中的一个重要“辅助工具”。md5解密主要用于网络攻击,在对网站等进行入侵过程,有可能获得管理员或者其他用户的账号和密码值(md5加密后的值)。获得的密码值有两种情况,一种是明文,另外一种就是对明文进行了加密。如果密码值是加密的,这个时候就需要对密码值进行判断,如果是采取md5加密,则可以通过MD5Crack4等软件进行破解。王小云教授的md5密码碰撞破解算法没有公布,因此目前Md5解密方式主要采取暴力破解,
即软件通过算法生成字典,然后使用md5函数加密该字典中的值形成密文,接着跟需要破解的密文进行比较,如果相同则认为破解成功。目前网上有很多网站提供md5加密或者加密值查询,将加密后的md5值,输入到网站中,如果网站数据库中存在该md5,则该值对应的md5加密前的值就为密码。
2通过cmd5网站生成md5密码
在浏览器中输入地址“http://wwwcmd5com/”,在输入框中输入想要加密的原始密码,然后单击“md5加密或解密”按钮即可,如图1所示,原始密码为“goodman88”,加密后的密码值为:
MD5(goodman88,32)
=
d5a8e0b115259023faa219f5b53ca522
MD5(goodman88,16)
=
15259023faa219f5
图1
md5加密
作为实验数据,我们在生成一组生日的md5密码如下:
MD5(19801230,32)
=
2540bb62336a8eb3ebc1e42ee44c8e3d
MD5(19801230,16)
=
336a8eb3ebc1e42e
(二)在线破解md5密码值
1通过cmd5网站破解md5密码
在cmd5网站的输入框中输入刚才加密后的md5
32值“d5a8e0b115259023faa219f5b53ca522”,然后单击“md5加密或解密”按钮即可,如图2所示,未能成功破解。
图2
通过cmd5网站未能破解md5密码
将第二个生日加密后的md5值“2540bb62336a8eb3ebc1e42ee44c8e3d”,放入cmd5网站进行破解,很快其结果就出来了,如图3所示。
图3
破解简单的数字密码
2在线md5破解网站收费破解高难度的md5密码值
一些在线网站提供的md5密码破解只能破解已经收录和一些简单的密码,对于稍微复杂一点的密码,都不容易被破解;而且对一些稍微有点难度的md5密码值,如果数据库中有,在线网站是要求付费的,例如用一个复杂一点的md5值进行破解,如图4所示,提示找到,但是要求进行付费。
图4要求付费才能查看md5密码值
(三)使用字典暴力破解md5密码值
1再次生成md5密码值
再在cmd5网站生成原密码为“jimmychu246”的md5密码值为:
MD5(jimmychu246,32)
=
437f4fffb6b2e5aaca9fd1712b8ad282
MD5(jimmychu246,16)
=
b6b2e5aaca9fd171
直接运行md5crack4,运行界面如图5所示。
图5
md5crack4程序主界面
2在md5crack4中验证md5值
将需要破解的md5值(437f4fffb6b2e5aaca9fd1712b8ad282)粘贴到“破解单个密文(Single
Cryptograph)”输入框中,如图6所示,如果该md5值是正确的,则会在“破解单个密文”输入框下方显示黑色的“有效(valid)”两个字,否则显示“valid”为灰色。
3使用字典进行破解
在“字符设置(Plaintext
Setting)”中选择“字典(Dictionary)”,并在“N01”、“N02”以及“N03”中选择三个不同的字典,选择完毕后,单击“Start”按钮开始md5破解,破解结束后会给出相应的提示,如图7所示,在本案例中使用字典破解成功,在Result中显示破解的密码为“jimmychu246”。
图7使用字典进行破解
4“使用字符集(Char
Muster)”中的数字进行破解
将上面生成的数字md5值“336a8eb3ebc1e42e”放入单一md5密码破解输入框中,选中“Char
Muster”后,依次可以选择“Number”、“lowercase”、“majuscule”、“special
char”以及“custom”进行破解,在本例中使用数字进行破击,因此
“最小长度(Min
Length)”中设置为“1”,“最大长度(Max
Length)”中设置为“8”,然后单击“开始”按钮,使用数字进行md5破解,尝试破解密码位数从1~9999999之间的所有数字组合,如图8所示,其密码值破解成功,破解结果为“336a8eb3ebc1e42e
--->
[19801230]”。
图8
使用数字进行破解
&说明
(1)在md5crack4中还可以定义数字、大小字母、特殊字符的组合来进行破解。
(2)如果计算机配置比较好,可以设置更多线程。
(3)如果自定义进行破解,建议先选择使用数字,然后依次是数字、大小字母、特殊字符的组合。破解时先易后难,否则破解时间太长。
(4)在md5crack4还可以“使用插件”进行破解。
(5)在md5crack4中还可以设置软件显示的语言版本,一共有中文简体和英语两个版本,单击主界面中的设置(Option),即可进行设置,如图9所示。
图9
设置md5crack4
5一次破解多个密码
将需要破解的md5密码全部存放到一个txt文件中,每一个密码独立一行,然后在md5crack4中单击“破解多个密文”,选择刚才编辑的md5密码文件,如图10所示,选择一种破解方式,在本案例中选择使用数字字典进行破解,最后单击“开始”按钮开始破解。
图10
破解多个md5密码值
在md5crack4右下方会显示破解结果,单击“日志”可以查看md5值校验等日志信息,单击“结果”可以查看破解的结果,如图11所示,在结果中会将md5值与原始密码进行一一对应。
图11
破解结果
Md5加解密是网络攻防中必须掌握的知识,本文介绍了使用md5cracker以及通过网站来对md5值进行破解,对md5破解,可以先在一些md5破解网站进行破解,如果未能破解,则可以在本地通过md5cracker进行破解。
ps:转载至安天365
欢迎分享,转载请注明来源:内存溢出
微信扫一扫
支付宝扫一扫
评论列表(0条)