1 | TM HIU MD5 V CC GII THUT M HA

Mc lc .1
Li ni u ....2
Chng I Tm hiu MD5...3
I Gii thiu v MD5..3
1.Gii thiu.3
2.ng dng quan trng...3
3.c im..4
II Thut gii...4
1.u vo v u ra.4
2.Thut gii..6
Chng II B kha MD5..11
I Nhng l hng...11
II Tn cng bng bm..12
1.S khc bit gia cc Module v cc php ton XOR..12
2.Tn cng vo s chnh lch ca hm bm13
3. Ti u ha s chnh lch va chm ca hm bm.14
III Tn cng bng va chm .....15
1.k hiu15
2. S chnh lch va chm ca md5..15
3. iu kin y c trng ca cc nhm16
4.Sa i thng ip18
5.Tn cng khc nhau vo MD5..19

Ti liu tham kho.25

2 | TM HIU MD5 V CC GII THUT M HA

Li ni u
Trc khi cc bn to mt chng trnh b kha nhm vo s serial ca
chng trnh (cn gi l keygen), ngoi vic bit code bng mt ngn ng lp
trnh no , cc bn nn hc qua cc thut ton m ha. V vic hc cho tt
ngn ng lp trnh cha chc cc bn to c mt keygen. Luyn c code
cho tt l mt vic nn lm, nhng cha chc bn nm ht ngha ca on
code . V cc phn mm mi sau ny h dung cc cch m ha lm phc tp
qu trnh b kha. Khi ta khng nm vng mt s thut ton m ha, th d
bn c thit l gii, bn cng mt nhiu thi gian b kha. Nhng nu bn
nm vng c thut ton m ha ca n th chuyn nh nh con th.
Hc thut ton chng ta s hc c rt nhiu iu. N ging nh vic hc
bng cu chng vy. Chng ta phi hc thuc cc loi thut ton m ha,
quen vi n, thy n lm vic, thn thit vi n khi gp n, hay hu du
ca n hoc ci g gn ging n chng ta s khng phi b ng.
Mi ngi chng ta u c mt du vn tay ring, khng ai ging ai. Chnh
to ha to ra chng, t nhng tng , con ngi mi ngh ra vic: ti
sao chng ta khng t to ra mt du vn tay cho mt ci g phn bit
chng vi nhau. V d nh tn ngi chng hn (tn l chui cc k t c
gi l String). Do vy trong lnh vc cng ngh thng tin ngi ta bt u
nghin cu cc cch to ra du vn tay cho cc chui String. Mt trong
nhng cch l thut ton MD5 m chng ti s ni di y.
du vn tay do thut ton MD5 to ra t mt String gi l message digest
(gi tt l md) hay cn gi l MD5 hashes (gi tt l hashes)
Bn bo co ny ch tm hiu cch thc hin ca MD5, nguyn l cng nh
thut ton c th. T gip chng ta nhn dng ra cc chng trnh s dng
MD5

3 | TM HIU MD5 V CC GII THUT M HA

TM HIU MD5 V
CC GII THUT M HA
Chng 1 Tm hiu MD5
I Gii thiu v MD5(Message-Digest algorithm)
1 Gii thiu:
T tng mi ngi c mt du vn tay ring phn bit mi ngi vi
nhau Ronald Rivest to ra MD5 nh mt cng ngh to du vn
tay(fingerprint) cho 1 ci g (vn bn,password) phn bit chng vi
nhau.
-MD5 (Message-Digest algorithm 5) l mt hm bm m ha vi gi tr
bm l
128bit. Tng c xem l mt chun trn Internet, MD5 c s dng
rng ri trong cc chng trnh an ninh mng, v cng thng c dng
kim tra tnh nguyn vn ca tp tin.
MD5 c thit k bi Ronald Rivest vo nm 1991 thay th cho hm
bm trc , MD4 (cng do ng thit k, trc na l MD2).
2 ng dng quan trng:
1/ MD5 c s dng rng ri trong th gii phn mm m bo rng
tp tin ti v khng b hng. Ngi s dng c th so snh gia thng s
kim tra phn mm bng MD5 c cng b vi thng s kim tra phn mm
ti v bng MD5.(v d:khi ngi s dng download mt file trn mng nh
pht trin ng dng s to ra mt m MD5 cho file .khi chng ta va ti v
th s c mt m MD5.nu 2 m ny trng nhau th file an ton ngc li th
c th file download c virut hoc ci g )H iu hnh Unix s dng MD5
kim tra cc gi m n phn phi, trong khi h iu hnh Windows s
dng phn mm ca hng th ba.
2/ MD5 c dng m ha mt khu. Mc ch ca vic m ha ny l
bin i mt chui mt khu thnh mt on m khc, sao cho t on m
khng th no ln tr li mt khu. C ngha l vic gii m l khng
th hoc phi mt mt khong thi gian v tn ( lm nn lng cc

4 | TM HIU MD5 V CC GII THUT M HA

hacker)

3.c im ca MD5
- T mt on vn bn u vo s to ra mt string gi l Message Degist
Hay cn gi l MD5 hash c di c nh c m ha di dng hexa.
-T mt an vn bn u vo s to ra duy nht mt hash u ra khng
bao gi c 2 hash cho 1 vn bn.
- T mt hash u ra ta se khng bao gi c th suy ngc li c plantext
ban u

II Thut gii
1.u vo v u ra
u vo:
-Thng ip a vo s c ct thnh cc khi 512 bits. Thng ip
c a vo b m chiu di ca n s chia ht cho 512. B m hot
ng nh sau:
+Trc tin n s chn bit 1 vo cui thng ip.
+Tip l hng lot bit Zero cho ti khi chiu di ca n nh hn bi s
ca 512 mt khong 64 bit .
+Phn cn li s c lp y bi mt s nguyn 64 bit biu din chiu
di ban u ca thng ip.

5 | TM HIU MD5 V CC GII THUT M HA

u ra:
-MD5 bin i mt thng ip c chiu di bt k thnh mt khi c
kch thc c nh 128 bits.

6 | TM HIU MD5 V CC GII THUT M HA

2 Gii thut
Thut ton chnh ca MD5 hot ng trn mt b 128 bit. Chia nh n ra
thnh 4 t 32 bit, k hiu l A,B,C v D. Cc gi tr ny l cc hng s c
nh.
Sau thut ton chnh s lun phin hot ng trn cc khi 512 bit. Mi
khi s phi hp vi mt b. Qu trnh x l mt khi thng ip bao gm 4
bc tng t nhau, gi l vng (round). Mi vng li gm 16 qu trnh
tng t nhau da trn hm mt chiu F, php cng module v php xoay
tri
Hnh bn di m t mt qu trnh trong mt vng

7 | TM HIU MD5 V CC GII THUT M HA

Qu trnh x l ca mt block

C 4 hm mt chiu F c th s dng. Mi vng s dng mt hm khc nhau.

8 | TM HIU MD5 V CC GII THUT M HA

y l qu trnh thc hin x l ca 4 hm F, G, H, I trn:

Vng 1 (Round 1):
K hiu [abcd k s t] l bc thc hin ca php ton
a = b + ((a + F(b, c, d) + X[k] + T[t]) <<< s) Qu trnh thc hin 16 bc
sau:
[ABCD 0 7 1] [DABC 1 12 2] [CDAB 2 17 3] [BCDA 3 22 4]
[ABCD 4 7 5] [DABC 5 12 6] [CDAB 6 17 7] [BCDA 7 22 8]
[ABCD 8 7 9] [DABC 9 12 10] [CDAB 10 17 11] [BCDA 11 22 12]
[ABCD 12 7 13] [DABC 13 12 14] [CDAB 14 17 15] [BCDA 15 22 16]
Gii thch:
V d biu thc th 2 l [DABC 1 12 2], tng ng vi:
D = A + ((D + F(A,B,C) + X[1] + T[2]) <<< 12) Nhn xt: Vng 1 dng hm
F, Vi gi tr t t 1 -> 16 v k t 1 -> 15
Vng 2 (Round 2):
Tng t, k hiu [abcd k s t] l ca biu thc :
a = b + ((a + G(b, c, d) + X[k] + T[t]) <<< s) Qu trnh thc hin 16 bc :
[ABCD 1 5 17] [DABC 6 9 18] [CDAB 11 14 19] [BCDA 0 20 20]
[ABCD 5 5 21] [DABC 10 9 22] [CDAB 15 14 23] [BCDA 4 20 24]
[ABCD 9 5 25] [DABC 14 9 26] [CDAB 3 14 27] [BCDA 8 20 28]
[ABCD 13 5 29] [DABC 2 9 30] [CDAB 7 14 31] [BCDA 12 20 32]
Nhn xt: Vng 2 dng hm G, vi t t 17 -> 32 v k = 1 + 5k mod 16
Vng 3 (Round 3):
Tng t, k hiu [abcd k s t] l ca biu thc :
a = b + ((a + H(b, c, d) + X[k] + T[t]) <<< s) Qu trnh thc hin 16 bc:
[ABCD 5 4 33] [DABC 8 11 34] [CDAB 1 16 35] [BCDA 14 23 36]
[ABCD 1 4 37] [DABC 4 11 38] [CDAB 7 16 39] [BCDA 10 23 40]
[ABCD 13 4 41] [DABC 0 11 42] [CDAB 3 16 43] [BCDA 6 23 44]
[ABCD 9 4 45] [DABC 12 11 46] [CDAB 5 16 47] [BCDA 2 23 48]
Nhn xt: Vng 3 dng hm H, vi t t 33 -> 48 v k =5 + 3k mod 16

9 | TM HIU MD5 V CC GII THUT M HA

Vng 4(Round 4):

Tng t, k hiu [abcd k s t] l ca biu thc:
a = b + ((a + I(b,c,d) + X[k] + T[t]) <<< s) Qu trnh thc hin 16 bc :
[ABCD 0 6 49] [DABC 7 10 50] [CDAB 14 15 51] [BCDA 5 21 52]
[ABCD 12 6 53] [DABC 3 10 54] [CDAB 10 15 55] [BCDA 1 21 56]
[ABCD 8 6 57] [DABC 15 10 58] [CDAB 6 15 59] [BCDA 13 21 60]
[ABCDb 4 6 61] [DABC 11 10 62] [CDAB 2 15 63] [BCDA 9 21 64]
Nhn xt: Vng 4 dng hm I, vi t t 49 -> 64 v k =7k mod 16
/* Sau lm cc php cng sau. ( Ngha l cng vo mi thanh ghi gi tr ca
n trc khi vo vng lp x l block tip theo) */
A = A + AA
B = B + BB
C = C + CC
D = D + DD
End /* of loop on i */
Bc 5 : Tnh kt qu message digest. Sau khi thc hin xong bc 4, thng
ip thu gn nhn c t 4 thanh ghi A, B, C, D, bt u t byte thp ca
thanh ghi A v kt thc vi byte cao ca thanh ghi D bng php ni nh sau:
Message Digest = A || B || C || D. ( || php ton ni)
Hm bm MD5 (cn c gi l hm tm tt thng ip - message degests)
s tr v mt chui s thp lc phn gm 32 s lin tip. Di y l cc v d
m t cc kt qu thu c sau khi bm.
MD5("The quick brown fox jumps over the lazy dog") =
9e107d9d372bb6826bd81d3542a419d6

10 | TM HIU MD5 V CC GII THUT M HA

Ch cn mt thay i nh cng lm thay i hon ton chui u ra

MD5("The quick brown fox jumps over the lazy
cog")
= 1055d3e698d289f2af8663725127bd4b
Ngay c mt chui rng cng cho ra mt kt qu phc tp:
MD5("") = d41d8cd98f00b204e9800998ecf8427e

11 | TM HIU MD5 V CC GII THUT M HA

Chng 2 B kha MD5

I Nhng L Hng
Bt c thut ton m ha no ri cng b gii m. Vi MD5, ngay t
nm 1996, ngi ta tm thy l hng ca n. Mc d lc cn cha r
rng lm nhng cc chuyn gia m ha ngh n vic phi a ra mt
thut gii khc, nh l SHA-1
MD5 c thit k bi Ron Rivert.t khi thut ton ny c cng b
c mt s im yu c tm thy nm 1993 B. den Boer and A.
Bosselaers tm ra mt s va chm ca MD5 v t mt lot cc im yu
ca MD5 c tm ra.
Mi chuyn bt u t nm, khi nh khoa hc my tnh ngi Php
Antoine Joux pht hin ra mt l hng trong thut ton ph bin MD5,
thng dng trong cng ngh ch k in t. Ngay sau , bn nh nghin
cu ngi Trung Quc li pht hnh cng trnh nghin cu ch ra cch
xuyn ph thut ton th hai c tn SHA-0.
Tuy ch mi giai on nghin cu s b song nhng pht hin ny c th
to iu kin k xu ci nhng chng trnh ca sau (backdoor) b mt vo
trong m my tnh, hoc gi mo ch k in t. Tr phi mt thut ton mi,
bo mt hn c xy dng v a vo s dng!
Mt pht hin th ba, c n i v nh gi rt cao c cng b
trong hi tho Crypto. Hai nh nghin cu Eli Biham v Rafi Chen ca
Vin Cng ngh Israel din thuyt v cch nhn dng cc hnh thc tn
cng vo chc nng bo mt ca thut ton SHA-0, mt thut ton c s
h.
Nhng l hng bo mt c cho l "nghim trng" bn trong thut ton
SHA-0 v SHA-1, tu thuc vo mc chi tit ca phn trnh by, c th
lm chn ng c ngnh bo mt. T trc ti nay, SHA-1 vn c coi l
chun mc "vng"v thut ton. N c tch hp bn trong rt nhiu chng
trnh thng dng nh PGP v SSL, c chng thc bi Vin Chun Cng
ngh Quc gia v l thut ton ch k in t duy nht c C quan Chun
Ch k S ca chnh ph M ph chun.
C ba thut ton MD5, SHA-0 v SHA-1 u c gii khoa hc my tnh
coi l"a chc nng". Chng c th nhn mi dng d liu u vo, t tin
nhn email cho n ht nhn (kernel) ca h iu hnh, cng nh to ra mt
du vn tay s duy nht. Ch thay i mt k t bt k bn trong file u vo

12 | TM HIU MD5 V CC GII THUT M HA

cng to ra nhng du vn tay hon ton khc nhau. Cc ng dng bo mt

u da vo tnh nng "du vn tay duy nht" ny lm nn. Tuy nhin, nu k
tn cng c th to ra mt du vn tay "Dolly" vi mt dng d liu u vo
khc, du vn tay "sinh sn v tnh" ny s khin phn mm b gi backdoor
nhn dng nhm. Kt qu l chng c th to ra ch k gi vt sch ti
khon ngn hng ca ngi s dng khng may.
Tt nhin, t rt lu, gii nghin cu hiu rng khng c thut ton m
ho thc tin no l tuyt i an ton v bo mt. Tuy vy, h vn n lc thit
k ra nhng thut ton m thi gian cn to ra mt du vn tay "Dolly" l v
tn, vi hy vng k tn cng s nn lng. Th nhng nu nhng s h tng t
nh ca SHA-0 cng c tm thy trong SHA-1, iu ny ng ngha vi vic
tc gi mo mt du vn tay s c y nhanh ln... 500 triu ln, hon
ton trong tm tay ca mt mng my tnh tc cao.
Tuy mc tc hi t trm trng hn song s h bo mt trong thut ton
MD5 c l li gy hu qu ngay tc th. Sn phm my ch Apache Web
ngun m ang s dng MD5 kim duyt nhng website c m ngun cha
b chnh sa, t s an ton khi chy trong my. Tng t, s l c s d liu
Solaris ca Sun Microsystems, vi kh nng m theo hng t nhn l "xc
minh mt file ch thc ch khng phi phin bn b iu chnh h gc h
thng bo mt''.
L hng mi pht hin trong MD5 s cho php k tn cng to ra file
gi mo ch trong vi gi vi mt my tnh t chun. "Gi y, ngi ta
chng minh c cc thut ton ny c l hng. Trc khi k tn cng li
dng khai thc c, n lc phi thi dn vic s dng MD5.'' - nh
phn tch Hughes ca Vin Chun Cng ngh Quc gia nhn nh.

II Tn cng bng bm
1.S khc bit gia cc Module v cc php ton XOR
Phng php phn tch l quan trng nht i vi cc hm bm n to khc
bit gia cuc tn cng
n cng l mt trong nhng phng php quan trng nht phn
tch ccthut ton m ha khi.Nhn chung s khc bit gia cc cuc tn cng
c bit trong mt m khi l mt dang tn cng khc bit gia cc XOR.S
khc bit gia cc cuc tn cng c gii thiu bi E.Biham v Shamir A

13 | TM HIU MD5 V CC GII THUT M HA

Chng ta s s dng cc module tiu biu ca mi vng cng vi s khc nhau

gia cc gii hn ca module php tr cc s nguyn v s khc nhau gia
cc rang buc ca XOR.s kt hp gia hai loi khc nhau cho chng ta nhiu
thng tin hn l dng mt trong s chng.
v d: s sai khc gia X v X l X-X=26 cho mi ga tr X khi s khc
bit trong php XOR X,X c th c nhiu kh nng n l
- S khc nhau 1 bit trong bit 7 vd ox00000040.trong trng hp
X=X=26 c nga l bit 7 ca Xl 1 v cu X l 0;
6
- S khc nhau 2 bit. Vd ox00000040 nu X-X=2 th bin th 7 ca X l
1,bin th 8 ca X =0.v bin th 7 trong X=0 ,bin th 8 X=1.tc l
X=ox01000040,X=ox10000040.
- S khc bit trong 3 bit.VD ox000000000040.bin th 7,8,9 ca X l
1,1,0 cn ca X l 0,0,1
-

Tng t ta c th suy ra mt cch nhanh chng khi bit c gi tr

rang buc v gi tr XOR ca cp

gii thch cuc tn cng ca wang mt cch r rang,ti cp n s khc

bit gia cc modul trong cc ng dn khc nhau.cng vi c hai s khc
nhau c cp trn.s khc bit c nh du l mt s thc dng hay
m cng vi s khc bit trong php XOR.Nhng sau s khc nhau ca
php XOR c nh du bng mt danh sch cc bit nng ng cng vi k
hiu ca cc bt .trong danh sch cc bit trong X m c gi tr 0 th s khng
c k hiu cn nhng bt 1 c nh du m.v d:
So snh cuc tn cng ca Wang vi cc cuc tn cng trc ,n c nhng
im khc bit:
1. Cuc tn cng l tm va chm vi hai ln lp li. mi thng ip trong.
chm bao gm hai khi (mi khi l 512-bit).
2. Cuc tn cng tn cng vo c im
3. Cuc tn cng to ra mt tp cc iu kin m bo pht hin ra s khc
bit
4. Tn cng s dng mt cng ngh sa i thng ip ci thin kh
nng xy ra va chm
2 Tn cng vo s chnh lch ca hm bm
S khc nhau ca hai thng s X v X c nh nga l X=X-X.vi mi
2 thng ip M v M c di l bit M=(M0 ,M1 Mk-1) v M=(M0
,M1,Mk)
S khc nhau ca hm bm c nh ngha nh sau:

14 | TM HIU MD5 V CC GII THUT M HA

H0 l gi tr khi to ban u v n bng 0. Hi-1 l u vo ca Hi nu H

=0 tc l c s va chm gia M v M.v chng ta gi kt H l chnh
lch va chm( collision difirential)
Vi iu kin Hm bm gm c 4 vng v mi vng c 16 bc thao tc.
chi tit hn chng ta c th hnh dung s chnh lch ti bc lp i
nh sau:

chnh lch trong cc vng

sut Pi l tng ca cc xc sut ca tng vng sau

vi xc

y.
Vi
P l xc sut chnh lch

tha mn

3 Ti u ha s chnh lch va chm ca hm bm

Trong phn 3.1 chng ta ni n tn cng s dng k thut sa i thng
ip ci thin xc sut va chm.theo nh cng ngh sa i chng ta ly
mt phng thc cha c s l tm kim s chnh lch va chm ca hm
bm.c 2 cch sa i thng ip l:
Vi mi block 2 thng ip bt k(Mi,Mi) v vng u tin

15 | TM HIU MD5 V CC GII THUT M HA

Chng ta c th d dng sa Mi sao cho s khc bit gia cc vng c gi l

1 P1=0;
2.s dng k thut sa i nhiu thng ip,chng ta c th khng ch m bo
s khc bit ca vng u tin c gi l mt m cn ci thin xc sut khc
bit ca vng 2
=> tm c k thut khc bit ti u nht cho 1 hm bm.th k thut
phi l tt nht sao cho khi chon block khc nhau th xc sut ca hai vng
cui vn c gi tr cao

III Tn cng s chnh lch ca Md5

1.k hiu
Trc khi m t cuc tn cng,chng ta s gii thiu mt vi t kha c th
hiu mt cch d dng hn.
1. M = (m0,m1, ...,m15) v M = (m0,m1m15). Miu t 512 bit thng ip
M = (m0,m1, ...,m15) l s khc nhau gia 2 block thng ip.
mi = mi- mi l s khc nhau gia cc tc v trong 1 vng.
2. ai,bi,ci,di theo th t l u vo ca cc bc (4i 3), (4i 2),(4i 1),
v 4i trong qu trnh x l block M,vi 1 i 16.ai bi,ci,di c nh
ngha tng t
3. i,j l bit th j ca u vo ca hm phi tuy i .i l thao tc th i
4. ai,j,bi,j,ci,j,di,j ln lt l bit th j ca ca ai,bi,ci,di,.
5. xi,j=xi,j-xi,j =1 l bit khac nhau. xi,j c tnh bng cch thay i bit
th j ca xi.xi[j],xi[j](x c th l a,b,c,d, ).kt qu thu c bng cch
thay i bit j ca xi l xi[j] thu c bng cch thay i bit j ca xi t 0
thnh 1,v xi[-j] t 1 thnh 0.
6. xi[j1, j2, ..., jl] = xi[j1, j2, ..., jl]xi biu din s khc bit,n c to ra
bng s thay i bit th j1, j2, ..., jl .ca xi . xi[j1, j2, ..., jl] l gi
tr thay i j1, j2, ..., jl ca xi .du + c nga l bit b thay i t 0 thnh
1 du l ngc li
2. S chnh lch va chm ca md5
S tn cng c th tm thy nhiu s va chm.nhng thng ip bao
gm cc cp (M0,M1) v (M0,M1) 1024 bit vi gi tr khi to IV0
IV0: a0 = 0x67452301, b0 = 0xefcdab89, c0 = 0x98badcfe, d0 =
0x10325476.
M0 = M0-M0 = (0, 0, 0, 0, 231, 0, 0, 0, 0, 0, 0, 215, 0, 0, 231, 0)
M1 = M1M1 = (0, 0, 0, 0, 231, 0, 0, 0, 0, 0, 0,215, 0, 0, 231, 0)
H1 = (231, 231 + 225, 231 + 225, 231 + 225).

16 | TM HIU MD5 V CC GII THUT M HA

Phn t khc khng ca M0 v M1 c t ti cc v tr 5, 12 v

15. H1 =(a b, c, d) l s chnh lch ca cc gi tr chui bn (a, d,
c, b) sau khi vng lp u tin.
Ta chn M0 m bo rng c vong 3 v 4 se c xc sut cao cn M1
khng m bo iu
S chnh lch va chm vi cc tt c cc c trng c th c cp ti
trong bng 3 v bng 5.ct ca tt c cc bng u c ngha tng t nhau.
Gii thch qua bng 3:
Ct u tin ch ra cc bc thc hin.
Ct 2 l ga tr cc bin thay i trong mi bc ca M0
Ct 3 l cc t trong mi bc ca M0
Ct 4 l gi tr dch chuyn
Ct 5 l s khc bit gia cc t
Ct 6 l s khc bit gia cc chui
Cc trng trong ct 5 v 6 th hin khng c s khc bit v cc bc khng
c lit ke trong bng nga l khng c s khc bit gia cc thng ip.
3 iu kin y c trng ca cc nhm
Trong phn ny chng ta s lm r lm th no c c mt tp hp cc
iu kin m bo rng cc c tnh khc bit trong bc 8 ca MD5
c gi li.
iu kin khc c th c ly mt cch tng t:
c im khc bit trong bc 8 ca MD5 l:
(c2,d2,a2,b1) b2.
Vi mi mt chui gi tr tha mn mt trong cc kt qu sau.
b = b1
a2= a2[7, ..., 22,23]
d2= d2[7, 24, 32]
c2= c2[7, 8, 9, 10, 11,12,24,25,26, 27, 28, 29, 30, 31, 32, 1, 2, 3, 4,
5,6]
b2= b2[1, 16,17, 18, 19, 20,21,24]
theo nh thao tc trong bc 8 chng ta c
b2 = c2 + ((b1 + F(c2, d2, a2) + m7 + t7)22
b2= c2 + ((b1 + F(c2, d2, a2) + m7 + t7)22
7 = F(c2, d2, a2) = (c2 d2) (c2 a2)
trong thao tc trn c2 xut hin 2 ln bn phi du bng
nu ta thy cF2 c ngha l c2 bn trong hm F v cNF2 ngha l c2 ngoi F

17 | TM HIU MD5 V CC GII THUT M HA

kt qu ny da trn hai s kin sau y:

khi b1 = 0 , m7 = 0, chng ta bit rng b2 = cNF2 + (722).
Sa 1 hoc 2 bin trong F cng nh F th s gim xung 1 bin n
Chng ta ly mt tp cc iu kin nhng ci m bo rng cc k t c
bit c gi li
1.iu kin cho mi bit khc khng trong b2.
Nhng iu kin d2,11 = 1 v b2,1 = 0 m bo rng thay i bit th
nht ca b2
Nu d2,11 = a211 = 1, chng ta c 7,11 = 1.
sau 22, 7,11 v tr 1.
Since cNF 2,1 = 0, so, b2,1 = cNF2,1 + 7,11 = 1.
iu kin d2,26 = a226 = 1, b2,16 = 0 and b2,17 = 1 m bo s thay
i ca bit 16,17 trong b2.
iu kin d2,28 = a228 = 0, b2,I = 0, I = 18, 19, 20 v b2,21 = 1 m
bo s thay i cc bit 18,19,20,21 trong b2.
iu kin d2,3 = a2,3 = 0 v b2,24 = 1 m bo s thay i bit th 24
trong b2 . iu c th c chng minh trong kt qu sau:
cNF2 [24,25,26, 27] + (7[3]22) = 223 224 = 223.
2 iu kin cho mi bit 0 trong b2.
iu kin c2,17=0 m bo rng s thay i t bit th 7 ti bt th 12
trong cNF2 v bit th 17 ca a2 dn n khng c s thay i trong b2.
N c theerr d dng chng minh c theo kt qu sau :
cNF2=[7, . . . 11,12] + (7[17]22) = 26 + 26 = 0.

iu kin d2,I m bo rng s thay i bit th I trong cF2 kt qu

khng thay i trong b2 khi I {1, 2, 4, 5, 25, 27, 29, 30, 31}

iu kin c2,i=1 m bo rng thay i bit th I trong a2 khng lm

thay i b2 khi I {13, 14, 15, 16, 18, 19, 20, 21, 22, 23}.

iu kin d2,6=a26 m bo rng s thay i bit th 6 trong cF2 v bit

th 32 trong d2 khng lm thay i b2

iu kin a2,32 =1 m bo s thay i bit th 32 trong cF2 v bt th

32 trong d2 khng lm thay i b2.

iu kin d2,i=0 m bo s thay i bit I trong a2 v bit I trong cF2

khng lm thay i b2 khi I {8, 9, 10}.

18 | TM HIU MD5 V CC GII THUT M HA

iu kin d2,12=1 m bo s thay i bit 12 trong a2 v bit th 12 trong

cF2 khng lm thay i b2
iu kin a2,24=0 m bo thay i bit 24 trong cF2 v bit 24 trong d2
khng lm thay i b2.
Thay i bit 7 trong cF2 v d2,a2 khng lm thay i b2
=>tng t chng ta c th ly c mt tp cc iu kin(bng 4 v
6).m bo tt c cc s khc bit c trng gia cc v va chm khc nhau
ca cc nhm

4.Sa i thng ip
Sa i tin nhn gip cuc tn cng hiu qu hn, n l rt c ch ci
thin phng php xc sut m chng ti m t, bng cch sa cha
mt s nhng t trong thng ip trc khi thng ip mt s cc iu
kin.cc nh nghin cu ch ra rng n rt d dng sinh ra cc thng ip
m p ng c tt c cc iu kin trong 16 bc u tin trong MD5.
Vi mi khi M0(hoc M1) v cc bin trung gian(H0,hoc H1 v H1) chng
ta p dng cc th tc di y sa M0 (hoc M1 tng ng), do tt c
cc iu kin ca vng 1 (gm 16 bc )c trong bng 4 v 6.
N rt d dng sa M0 nh vy, iu kin ca vng 1 trong bng 4 vn
gi l1
V d m bo 3 iu kin trong c1 trong bng 4 c bo ton chng ta
sa m2 nh sau.
cnew1 cold1 cold1,7*26 cold 1,12*211 cold 1,20*219
mnew2 ((cnew1- cold1)17) + mold2
Bng cch sa i mi t trong thng ip ca thng ip M0,tt c cc
iu kin trong vng 1 ca bng 4.vng lp u tin vi xc sut 2-43.
Tng t ta sa i M1.sau khi sa it a lp li ln 2 vi xc sut 2-37.
Sa i a thng ip.c mt ci tin c th hon thnh ng thi mt phn
ca iu kin ca 32 bc u tin bng phng php sa i a thng ip.
V d:
Nu a5,32=1 chng ta sa li n bng 0 bng cch sa i m1,m2,m3,m4,m5.
Nh vy s sa i s sinh ra mt va chm cc b t bc 2 n bc 6.trong
khi cc iu kin cn li ca vng 1 vn c gi li.xem bng 1 mt s
iu kin khc c th b thay i bng k thut sa i tng t hoc sa i
chnh xc hn.Bng phng php sa i,37 iu kin trong vng 2-4 cha

19 | TM HIU MD5 V CC GII THUT M HA

c xc nh trong bng 4 v 30 iu kin cha c xc nh trong bng

6.v vy bc lp u tin c xc sut khng i l 2-37 v xc sut ca bc
lp th 2 cn 2-30.
Bng 1:phng php sa i thay i a5,32

5 Tn cng khc nhau vo MD5.

T cc s m t trn,n rt d dng ch ra cch tn cng vo md5.
Cch di y m t lm cch no tm kim c 2 khi va chm
1.lp li cc bc cho ti khi khi u tin c tm thy
Chn random thng ip M0
Sa i M0 theo k thut sa i thng ip c miu t trong cc
phn trc
Sau M0 v M0=M0+ M0. to ra t ln lp u tin
M0 (H1,M1)vi xc sut 2-37.
Kim tra nu tt c cc c trng bng cch s dng cc hm nn M0
v M0.
2.lp li cc bc cho n khi c va chm
Chn ngu nhin thng ip M1
Sa i M1 theo k thut sa i thng ip c miu t trong cc
phn trc
Sau , M1 v M1+ M1 c to ra t ln lp th 2.
(H1,M1) H = 0 vi xc sut 2-30.
Kim tra li cp i cho n khi tm c s va chm
S phc tp tm kim(M0,M0) c thi gian chy khng vt qu 239 thao
tc MD5. chn thng ip M0 khc th ch cn thay i 2 t cui cng t M0
c chn trc .do vic tm kim (M0,M0) ch mt mt ln duy nht
sa i thng ip cho 14 t u tin.thi gian ny c th c b qua.i vi

20 | TM HIU MD5 V CC GII THUT M HA

mi thng ip M0 ch cn dua nht 2 ln sa i n thng ip cho 2 t cui

v 7 ln sa a thng ip sa cha 7 iu kin trong vng th 2.vi
mi sa i a thng ip ch cn duy nht vi thao tc do tng thi gian
cho cc ln tm kim sa i l khng ln.theo nh xc sut trong ln lp u
tin ta thy rng s phc tp ca tm kim(M0,M0) l khng vt qu 239 thao
tc.
Tng t ta c th ch ra rng s phc tp tm kim(M1,M1) l khng vt
qu 232 thao tc
Bng 2:2 cp ca va chm MD5.H l gi tr bng bm vi gi tr u nh v
khng c thng ip no dc them vo.H l gi tr bng bm vi u to v
thng ip c them vo.

Bt u vi block 512 bit u tin v a ra khi u tin p ng c tt c

cc tiu chun cn thit n d dang tm thy nhiu khi th 2 M1,M1
dn ti va chm

21 | TM HIU MD5 V CC GII THUT M HA

Bng 3.cc c trng khc nhau ca s khc nhau trong ln lp u tin

22 | TM HIU MD5 V CC GII THUT M HA

Bng 4:mt tp cc iu kin ca s khc nhau trong vng lp u

tin

23 | TM HIU MD5 V CC GII THUT M HA

Bng 5: cc c trng khc nhau ca vng lp th 2

24 | TM HIU MD5 V CC GII THUT M HA

Bng 6: tp cc iu kin ca s khc nhau trong vng lp th 2

25 | TM HIU MD5 V CC GII THUT M HA

Ti liu tham kho

1.

http://en.wikipedia.org/wiki/MD5.

2.

http://www.md5.net/.

3.

http://www.scribd.com/doc/57082475/BAO-CAO-MD5

4.

Xiaoyun Wang and Hongbo Yu. "How to Break MD5 and Other
Hash Functions". Retrieved 2009-12-21.

5. Tao Xie and Dengguo Feng (30 May 2009). How To Find Weak Input
Differences For MD5 Collision Attacks.