浅谈MD5加密算法的实现~~~~

coolfax · 发表于 2003-11-2 22:08:54

在一些初始化处理后，MD5以512位分组来处理输入文本，每一分组又划分为16个32位子分组。算法的输出由四个32位分组组成，将它们级联形成一个128位散列值。
首先填充消息使其长度恰好为一个比512位的倍数仅小64位的数。填充方法是附一个1在消息后面，后接所要求的多个0，然后在其后附上64位的消息长度（填充前）。这两步的作用是使消息长度恰好是512位的整数倍（算法的其余部分要求如此），同时确保不同的消息在填充后不相同。
四个32位变量初始化为：
A=0x01234567
B=0x89abcdef
C=0xfedcba98
D=0x76543210
它们称为链接变量（chaining variable）
接着进行算法的主循环，循环的次数是消息中512位消息分组的数目。
将上面四个变量复制到别外的变量中：A到a，B到b，C到c，D到d。
主循环有四轮（MD4只有三轮），每轮很相拟。第一轮进行16次操作。每次操作对a，b，c和d中的其中三个作一次非线性函数运算，然后将所得结果加上第四个变量，文本的一个子分组和一个常数。再将所得结果向右环移一个不定的数，并加上a，b，c或d中之一。最后用该结果取代a，b，c或d中之一。
以一下是每次操作中用到的四个非线性函数（每轮一个）。
F(X,Y,Z)=(X&Y)|((~X)&Z)
G(X,Y,Z)=(X&Z)|(Y&(~Z))
H(X,Y,Z)=X^Y^Z
I(X,Y,Z)=Y^(X|(~Z))
(&是与,|是或,~是非,^是异或)
这些函数是这样设计的：如果X、Y和Z的对应位是独立和均匀的，那么结果的每一位也应是独立和均匀的。
函数F是按逐位方式操作：如果X，那么Y，否则Z。函数H是逐位奇偶操作符。
设Mj表示消息的第j个子分组（从0到15），<<<s表示循环左移s位，则四种操作为：
FF(a,b,c,d,Mj,s,ti)表示a=b+((a+(F(b,c,d)+Mj+ti)<<<s)
GG(a,b,c,d,Mj,s,ti)表示a=b+((a+(G(b,c,d)+Mj+ti)<<<s)
HH(a,b,c,d,Mj,s,ti)表示a=b+((a+(H(b,c,d)+Mj+ti)<<<s)
II(a,b,c,d,Mj,s,ti)表示a=b+((a+(I(b,c,d)+Mj+ti)<<<s)
这四轮（64步）是：
第一轮
FF(a,b,c,d,M0,7,0xd76aa478)
FF(d,a,b,c,M1,12,0xe8c7b756)
FF(c,d,a,b,M2,17,0x242070db)
FF(b,c,d,a,M3,22,0xc1bdceee)
FF(a,b,c,d,M4,7,0xf57c0faf)
FF(d,a,b,c,M5,12,0x4787c62a)
FF(c,d,a,b,M6,17,0xa8304613)
FF(b,c,d,a,M7,22,0xfd469501)
FF(a,b,c,d,M8,7,0x698098d8)
FF(d,a,b,c,M9,12,0x8b44f7af)
FF(c,d,a,b,M10,17,0xffff5bb1)
FF(b,c,d,a,M11,22,0x895cd7be)
FF(a,b,c,d,M12,7,0x6b901122)
FF(d,a,b,c,M13,12,0xfd987193)
FF(c,d,a,b,M14,17,0xa679438e)
FF(b,c,d,a,M15,22,0x49b40821)
第二轮
GG(a,b,c,d,M1,5,0xf61e2562)
GG(d,a,b,c,M6,9,0xc040b340)
GG(c,d,a,b,M11,14,0x265e5a51)
GG(b,c,d,a,M0,20,0xe9b6c7aa)
GG(a,b,c,d,M5,5,0xd62f105d)
GG(d,a,b,c,M10,9,0x02441453)
GG(c,d,a,b,M15,14,0xd8a1e681)
GG(b,c,d,a,M4,20,0xe7d3fbc8)
GG(a,b,c,d,M9,5,0x21e1cde6)
GG(d,a,b,c,M14,9,0xc33707d6)
GG(c,d,a,b,M3,14,0xf4d50d87)
GG(b,c,d,a,M8,20,0x455a14ed)
GG(a,b,c,d,M13,5,0xa9e3e905)
GG(d,a,b,c,M2,9,0xfcefa3f8)
GG(c,d,a,b,M7,14,0x676f02d9)
GG(b,c,d,a,M12,20,0x8d2a4c8a)
第三轮
HH(a,b,c,d,M5,4,0xfffa3942)
HH(d,a,b,c,M8,11,0x8771f681)
HH(c,d,a,b,M11,16,0x6d9d6122)
HH(b,c,d,a,M14,23,0xfde5380c)
HH(a,b,c,d,M1,4,0xa4beea44)
HH(d,a,b,c,M4,11,0x4bdecfa9)
HH(c,d,a,b,M7,16,0xf6bb4b60)
HH(b,c,d,a,M10,23,0xbebfbc70)
HH(a,b,c,d,M13,4,0x289b7ec6)
HH(d,a,b,c,M0,11,0xeaa127fa)
HH(c,d,a,b,M3,16,0xd4ef3085)
HH(b,c,d,a,M6,23,0x04881d05)
HH(a,b,c,d,M9,4,0xd9d4d039)
HH(d,a,b,c,M12,11,0xe6db99e5)
HH(c,d,a,b,M15,16,0x1fa27cf8)
HH(b,c,d,a,M2,23,0xc4ac5665)
第四轮
II(a,b,c,d,M0,6,0xf4292244)
II(d,a,b,c,M7,10,0x432aff97)
II(c,d,a,b,M14,15,0xab9423a7)
II(b,c,d,a,M5,21,0xfc93a039)
II(a,b,c,d,M12,6,0x655b59c3)
II(d,a,b,c,M3,10,0x8f0ccc92)
II(c,d,a,b,M10,15,0xffeff47d)
II(b,c,d,a,M1,21,0x85845dd1)
II(a,b,c,d,M8,6,0x6fa87e4f)
II(d,a,b,c,M15,10,0xfe2ce6e0)
II(c,d,a,b,M6,15,0xa3014314)
II(b,c,d,a,M13,21,0x4e0811a1)
II(a,b,c,d,M4,6,0xf7537e82)
II(d,a,b,c,M11,10,0xbd3af235)
II(c,d,a,b,M2,15,0x2ad7d2bb)
II(b,c,d,a,M9,21,0xeb86d391)
常数ti可以如下选择：
在第i步中，ti是4294967296*abs(sin(i))的整数部分,i的单位是弧度。
(2的32次方)
所有这些完成之后，将A，B，C，D分别加上a，b，c，d。然后用下一分组数据继续运行算法，最后的输出是A，B，C和D的级联。
MD5的安全性

MD5相对MD4所作的改进：
1.增加了第四轮.
2.每一步均有唯一的加法常数.
3.为减弱第二轮中函数G的对称性从(X&Y)|(X&Z)|(Y&Z)变为(X&Z)|(Y&(~Z))
4.第一步加上了上一步的结果,这将引起更快的雪崩效应.
5.改变了第二轮和第三轮中访问消息子分组的次序,使其更不相似.
6.近似优化了每一轮中的循环左移位移量以实现更快的雪崩效应.各轮的位移量互不相同.

coolfax · 发表于 2003-11-2 22:09:43

给个实际例子: 下面是动网用的16位MD5加密源代码

<%
Private Const BITS_TO_A_BYTE = 8
Private Const BYTES_TO_A_WORD = 4
Private Const BITS_TO_A_WORD = 32

Private m_lOnBits(30)
Private m_l2Power(30)

Private Function LShift(lValue, iShiftBits)
If iShiftBits = 0 Then
      LShift = lValue
      Exit Function
ElseIf iShiftBits = 31 Then
      If lValue And 1 Then
         LShift = &H80000000
      Else
         LShift = 0
      End If
      Exit Function
ElseIf iShiftBits < 0 Or iShiftBits > 31 Then
      Err.Raise 6
End If

If (lValue And m_l2Power(31 - iShiftBits)) Then
      LShift = ((lValue And m_lOnBits(31 - (iShiftBits + 1))) * m_l2Power(iShiftBits)) Or &H80000000
Else
      LShift = ((lValue And m_lOnBits(31 - iShiftBits)) * m_l2Power(iShiftBits))
End If
End Function

Private Function RShift(lValue, iShiftBits)
If iShiftBits = 0 Then
      RShift = lValue
      Exit Function
ElseIf iShiftBits = 31 Then
      If lValue And &H80000000 Then
         RShift = 1
      Else
         RShift = 0
      End If
      Exit Function
ElseIf iShiftBits < 0 Or iShiftBits > 31 Then
      Err.Raise 6
End If

RShift = (lValue And &H7FFFFFFE) \ m_l2Power(iShiftBits)

If (lValue And &H80000000) Then
      RShift = (RShift Or (&H40000000 \ m_l2Power(iShiftBits - 1)))
End If
End Function

Private Function RotateLeft(lValue, iShiftBits)
RotateLeft = LShift(lValue, iShiftBits) Or RShift(lValue, (32 - iShiftBits))
End Function

Private Function AddUnsigned(lX, lY)
Dim lX4
Dim lY4
Dim lX8
Dim lY8
Dim lResult

lX8 = lX And &H80000000
lY8 = lY And &H80000000
lX4 = lX And &H40000000
lY4 = lY And &H40000000

lResult = (lX And &H3FFFFFFF) + (lY And &H3FFFFFFF)

If lX4 And lY4 Then
      lResult = lResult Xor &H80000000 Xor lX8 Xor lY8
ElseIf lX4 Or lY4 Then
      If lResult And &H40000000 Then
         lResult = lResult Xor &HC0000000 Xor lX8 Xor lY8
      Else
         lResult = lResult Xor &H40000000 Xor lX8 Xor lY8
      End If
Else
      lResult = lResult Xor lX8 Xor lY8
End If

AddUnsigned = lResult
End Function

Private Function md5_F(x, y, z)
md5_F = (x And y) Or ((Not x) And z)
End Function

Private Function md5_G(x, y, z)
md5_G = (x And z) Or (y And (Not z))
End Function

Private Function md5_H(x, y, z)
md5_H = (x Xor y Xor z)
End Function

Private Function md5_I(x, y, z)
md5_I = (y Xor (x Or (Not z)))
End Function

Private Sub md5_FF(a, b, c, d, x, s, ac)
a = AddUnsigned(a, AddUnsigned(AddUnsigned(md5_F(b, c, d), x), ac))
a = RotateLeft(a, s)
a = AddUnsigned(a, b)
End Sub

Private Sub md5_GG(a, b, c, d, x, s, ac)
a = AddUnsigned(a, AddUnsigned(AddUnsigned(md5_G(b, c, d), x), ac))
a = RotateLeft(a, s)
a = AddUnsigned(a, b)
End Sub

Private Sub md5_HH(a, b, c, d, x, s, ac)
a = AddUnsigned(a, AddUnsigned(AddUnsigned(md5_H(b, c, d), x), ac))
a = RotateLeft(a, s)
a = AddUnsigned(a, b)
End Sub

Private Sub md5_II(a, b, c, d, x, s, ac)
a = AddUnsigned(a, AddUnsigned(AddUnsigned(md5_I(b, c, d), x), ac))
a = RotateLeft(a, s)
a = AddUnsigned(a, b)
End Sub

Private Function ConvertToWordArray(sMessage)
Dim lMessageLength
Dim lNumberOfWords
Dim lWordArray()
Dim lBytePosition
Dim lByteCount
Dim lWordCount

Const MODULUS_BITS = 512
Const CONGRUENT_BITS = 448

lMessageLength = Len(sMessage)

lNumberOfWords = (((lMessageLength + ((MODULUS_BITS - CONGRUENT_BITS) \ BITS_TO_A_BYTE)) \ (MODULUS_BITS \ BITS_TO_A_BYTE)) + 1) * (MODULUS_BITS \ BITS_TO_A_WORD)
ReDim lWordArray(lNumberOfWords - 1)

lBytePosition = 0
lByteCount = 0
Do Until lByteCount >= lMessageLength
      lWordCount = lByteCount \ BYTES_TO_A_WORD
      lBytePosition = (lByteCount Mod BYTES_TO_A_WORD) * BITS_TO_A_BYTE
      lWordArray(lWordCount) = lWordArray(lWordCount) Or LShift(Asc(Mid(sMessage, lByteCount + 1, 1)), lBytePosition)
      lByteCount = lByteCount + 1
Loop

lWordCount = lByteCount \ BYTES_TO_A_WORD
lBytePosition = (lByteCount Mod BYTES_TO_A_WORD) * BITS_TO_A_BYTE

lWordArray(lWordCount) = lWordArray(lWordCount) Or LShift(&H80, lBytePosition)

lWordArray(lNumberOfWords - 2) = LShift(lMessageLength, 3)
lWordArray(lNumberOfWords - 1) = RShift(lMessageLength, 29)

ConvertToWordArray = lWordArray
End Function

Private Function WordToHex(lValue)
Dim lByte
Dim lCount

For lCount = 0 To 3
      lByte = RShift(lValue, lCount * BITS_TO_A_BYTE) And m_lOnBits(BITS_TO_A_BYTE - 1)
      WordToHex = WordToHex & Right("0" & Hex(lByte), 2)
Next
End Function

Public Function MD5(sMessage)
m_lOnBits(0) = CLng(1)
m_lOnBits(1) = CLng(3)
m_lOnBits(2) = CLng(7)
m_lOnBits(3) = CLng(15)
m_lOnBits(4) = CLng(31)
m_lOnBits(5) = CLng(63)
m_lOnBits(6) = CLng(127)
m_lOnBits(7) = CLng(255)
m_lOnBits(8) = CLng(511)
m_lOnBits(9) = CLng(1023)
m_lOnBits(10) = CLng(2047)
m_lOnBits(11) = CLng(4095)
m_lOnBits(12) = CLng(8191)
m_lOnBits(13) = CLng(16383)
m_lOnBits(14) = CLng(32767)
m_lOnBits(15) = CLng(65535)
m_lOnBits(16) = CLng(131071)
m_lOnBits(17) = CLng(262143)
m_lOnBits(18) = CLng(524287)
m_lOnBits(19) = CLng(1048575)
m_lOnBits(20) = CLng(2097151)
m_lOnBits(21) = CLng(4194303)
m_lOnBits(22) = CLng(8388607)
m_lOnBits(23) = CLng(16777215)
m_lOnBits(24) = CLng(33554431)
m_lOnBits(25) = CLng(67108863)
m_lOnBits(26) = CLng(134217727)
m_lOnBits(27) = CLng(268435455)
m_lOnBits(28) = CLng(536870911)
m_lOnBits(29) = CLng(1073741823)
m_lOnBits(30) = CLng(2147483647)

m_l2Power(0) = CLng(1)
m_l2Power(1) = CLng(2)
m_l2Power(2) = CLng(4)
m_l2Power(3) = CLng(8)
m_l2Power(4) = CLng(16)
m_l2Power(5) = CLng(32)
m_l2Power(6) = CLng(64)
m_l2Power(7) = CLng(128)
m_l2Power(8) = CLng(256)
m_l2Power(9) = CLng(512)
m_l2Power(10) = CLng(1024)
m_l2Power(11) = CLng(2048)
m_l2Power(12) = CLng(4096)
m_l2Power(13) = CLng(8192)
m_l2Power(14) = CLng(16384)
m_l2Power(15) = CLng(32768)
m_l2Power(16) = CLng(65536)
m_l2Power(17) = CLng(131072)
m_l2Power(18) = CLng(262144)
m_l2Power(19) = CLng(524288)
m_l2Power(20) = CLng(1048576)
m_l2Power(21) = CLng(2097152)
m_l2Power(22) = CLng(4194304)
m_l2Power(23) = CLng(8388608)
m_l2Power(24) = CLng(16777216)
m_l2Power(25) = CLng(33554432)
m_l2Power(26) = CLng(67108864)
m_l2Power(27) = CLng(134217728)
m_l2Power(28) = CLng(268435456)
m_l2Power(29) = CLng(536870912)
m_l2Power(30) = CLng(1073741824)

Dim x
Dim k
Dim AA
Dim BB
Dim CC
Dim DD
Dim a
Dim b
Dim c
Dim d

Const S11 = 7
Const S12 = 12
Const S13 = 17
Const S14 = 22
Const S21 = 5
Const S22 = 9
Const S23 = 14
Const S24 = 20
Const S31 = 4
Const S32 = 11
Const S33 = 16
Const S34 = 23
Const S41 = 6
Const S42 = 10
Const S43 = 15
Const S44 = 21

x = ConvertToWordArray(sMessage)

a = &H67452301
b = &HEFCDAB89
c = &H98BADCFE
d = &H10325476

For k = 0 To UBound(x) Step 16
      AA = a
      BB = b
      CC = c
      DD = d

      md5_FF a, b, c, d, x(k + 0), S11, &HD76AA478
      md5_FF d, a, b, c, x(k + 1), S12, &HE8C7B756
      md5_FF c, d, a, b, x(k + 2), S13, &H242070DB
      md5_FF b, c, d, a, x(k + 3), S14, &HC1BDCEEE
      md5_FF a, b, c, d, x(k + 4), S11, &HF57C0FAF
      md5_FF d, a, b, c, x(k + 5), S12, &H4787C62A
      md5_FF c, d, a, b, x(k + 6), S13, &HA8304613
      md5_FF b, c, d, a, x(k + 7), S14, &HFD469501
      md5_FF a, b, c, d, x(k + 8), S11, &H698098D8
      md5_FF d, a, b, c, x(k + 9), S12, &H8B44F7AF
      md5_FF c, d, a, b, x(k + 10), S13, &HFFFF5BB1
      md5_FF b, c, d, a, x(k + 11), S14, &H895CD7BE
      md5_FF a, b, c, d, x(k + 12), S11, &H6B901122
      md5_FF d, a, b, c, x(k + 13), S12, &HFD987193
      md5_FF c, d, a, b, x(k + 14), S13, &HA679438E
      md5_FF b, c, d, a, x(k + 15), S14, &H49B40821

      md5_GG a, b, c, d, x(k + 1), S21, &HF61E2562
      md5_GG d, a, b, c, x(k + 6), S22, &HC040B340
      md5_GG c, d, a, b, x(k + 11), S23, &H265E5A51
      md5_GG b, c, d, a, x(k + 0), S24, &HE9B6C7AA
      md5_GG a, b, c, d, x(k + 5), S21, &HD62F105D
      md5_GG d, a, b, c, x(k + 10), S22, &H2441453
      md5_GG c, d, a, b, x(k + 15), S23, &HD8A1E681
      md5_GG b, c, d, a, x(k + 4), S24, &HE7D3FBC8
      md5_GG a, b, c, d, x(k + 9), S21, &H21E1CDE6
      md5_GG d, a, b, c, x(k + 14), S22, &HC33707D6
      md5_GG c, d, a, b, x(k + 3), S23, &HF4D50D87
      md5_GG b, c, d, a, x(k + 8), S24, &H455A14ED
      md5_GG a, b, c, d, x(k + 13), S21, &HA9E3E905
      md5_GG d, a, b, c, x(k + 2), S22, &HFCEFA3F8
      md5_GG c, d, a, b, x(k + 7), S23, &H676F02D9
      md5_GG b, c, d, a, x(k + 12), S24, &H8D2A4C8A

      md5_HH a, b, c, d, x(k + 5), S31, &HFFFA3942
      md5_HH d, a, b, c, x(k + 8), S32, &H8771F681
      md5_HH c, d, a, b, x(k + 11), S33, &H6D9D6122
      md5_HH b, c, d, a, x(k + 14), S34, &HFDE5380C
      md5_HH a, b, c, d, x(k + 1), S31, &HA4BEEA44
      md5_HH d, a, b, c, x(k + 4), S32, &H4BDECFA9
      md5_HH c, d, a, b, x(k + 7), S33, &HF6BB4B60
      md5_HH b, c, d, a, x(k + 10), S34, &HBEBFBC70
      md5_HH a, b, c, d, x(k + 13), S31, &H289B7EC6
      md5_HH d, a, b, c, x(k + 0), S32, &HEAA127FA
      md5_HH c, d, a, b, x(k + 3), S33, &HD4EF3085
      md5_HH b, c, d, a, x(k + 6), S34, &H4881D05
      md5_HH a, b, c, d, x(k + 9), S31, &HD9D4D039
      md5_HH d, a, b, c, x(k + 12), S32, &HE6DB99E5
      md5_HH c, d, a, b, x(k + 15), S33, &H1FA27CF8
      md5_HH b, c, d, a, x(k + 2), S34, &HC4AC5665

      md5_II a, b, c, d, x(k + 0), S41, &HF4292244
      md5_II d, a, b, c, x(k + 7), S42, &H432AFF97
      md5_II c, d, a, b, x(k + 14), S43, &HAB9423A7
      md5_II b, c, d, a, x(k + 5), S44, &HFC93A039
      md5_II a, b, c, d, x(k + 12), S41, &H655B59C3
      md5_II d, a, b, c, x(k + 3), S42, &H8F0CCC92
      md5_II c, d, a, b, x(k + 10), S43, &HFFEFF47D
      md5_II b, c, d, a, x(k + 1), S44, &H85845DD1
      md5_II a, b, c, d, x(k + 8), S41, &H6FA87E4F
      md5_II d, a, b, c, x(k + 15), S42, &HFE2CE6E0
      md5_II c, d, a, b, x(k + 6), S43, &HA3014314
      md5_II b, c, d, a, x(k + 13), S44, &H4E0811A1
      md5_II a, b, c, d, x(k + 4), S41, &HF7537E82
      md5_II d, a, b, c, x(k + 11), S42, &HBD3AF235
      md5_II c, d, a, b, x(k + 2), S43, &H2AD7D2BB
      md5_II b, c, d, a, x(k + 9), S44, &HEB86D391

      a = AddUnsigned(a, AA)
      b = AddUnsigned(b, BB)
      c = AddUnsigned(c, CC)
      d = AddUnsigned(d, DD)
Next

'MD5 = LCase(WordToHex(a) & WordToHex(b) & WordToHex(c) & WordToHex(d))
MD5=LCase(WordToHex(b) & WordToHex(c))  'I crop this to fit 16byte database password :D
End Function
%>

coolfax · 发表于 2003-11-2 22:10:37

最后谈谈MD5加密的安全性

由于MD5就是采用单向加密的加密算法，就是说，没有办法对加密以后的数据进行解密,操作是不可逆的.即使你知道算法,也没办法把加密后的信息还原.不过最近网上流传一个可以暴力破解动网MD5加密的工具,据说可以破解比较简单的密码.我下载回来了,还没有时间试试

所以为了安全起见,即使使用了MD5加密,密码还是最好长些,复杂些,就不容易暴力破解了

erjing · 发表于 2003-11-3 10:56:50

厉害厉害！

		自动登录	找回密码
密码			立即注册

浅谈MD5加密算法的实现~~~~

浏览过的版块