Sunday, 22 May 2016

Roll your own MD5 implementation - here's how!

Roll your own MD5 implementation - here's how!

If you wish to implement an MD5 algorithm (commonly used to verify data integrity) in C# the "right way" to go about it is to inherit from class MD5.

public (abstract) class MD5: HashAlgorithm  [From mscorlib and in System.Security.Cryptography]

public (abstract) class HashAlgorithm: IDisposable, ICryptoTransform

Brainchild of Yale Mathematician Ron Rivest!

The MD5 ("message digest") algorithm was designed in 1991 by Ronald Rivest (whose academic journey began with a Bachelors in Mathematics from Yale) as the successor to MD4, although execution speed is slower. It is described in RFC1321. It produces a 128 bit digest or "fingerprint" of the input data. That "fingerprint" can then be used to validate the integrity of downloaded data files.

The Avalanche Effect

A concept that comes up in discussions of MD5 and other related algorithms is the notion of the avalanche effect. This is a scenario where an input bit is allowed to impact two or more output bits. Berlin-born cryptographer Horst Feistel, whose research led to the formation of the Data Encryption Standard, or DES, in the 1970s, and gave his name to the Feistel cipher, coined the term.

The Idea of a One Way Hash Function or Cryptographic Checksum

To understand MD5 as a cryptographic checksum or one-way hash function, we should understand the basics of hash functions.  A hash function converts a variable length input into a fixed length output (the former is known as the "pre-image" and the latter the "hash value"). The application is verification - to validate if a given "pre-image" is "likely" to be the same as the real "pre-image" the user is trying to validate.  The key to a cryptographic hash, or one-way hash, is that it is difficult to create a "pre-image" that hashes to a particular value. In short, it is hard to spoof the true "pre-image".

No comments: