
What is Checksum, CRC and MD5 hash???


vaw...@ibm.net

Dec 12, 1995, 3:00:00 AM
-----BEGIN PGP SIGNED MESSAGE-----

In <4aj5d1$r...@nntp.igs.net>, cur...@cnwl.igs.net (Kevin Curry) writes:
>Hello,
>
> All this time using computers and I never really asked. Hummm!!!!
>
>What is Checksum, Cyclic Redundancy Check and a MD5 Hash Function?

A Checksum is simply the sum of all the bytes (or 'words' or 'longs') in a
message/record/whathaveyou. It may or may not be truncated back to a
byte/word/long. Its advantage is it's fast. Disadvantage is that there are
some common errors it doesn't find.

CRC is the remainder after logically dividing (use XOR instead of subtract) a
message/record/whathaveyou by a 'polynomial'. A well chosen polynomial finds
most common transmission errors. CRC16 has a polynomial of:
x^16 + x^15 + x^2 + 1
When doing the divide, you'll be left with a remainder which fits into 16 bits.
If this is then appended to the original message, the receiver simply does the
divide over the entire datastream and gets 0 as the remainder.

MD5 - damifino... I haven't worked with it, nor read anything about it


Victor A. Wagner, Jr. Key fingerprint = 4D 20 EB F6 01 01 B0 69
CFO Metadigm, Inc. 38 17 8D BF C8 46 E4 7A
Vice-Chair Orange County (CA) Libertarian Party http://www.lp.org/lp/
The five most dangerous words in the English language: "There oughtta be a law"

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMM1G1pO57AuaJdhFAQFxLAL/bkYIjGteIxJoh0XdsfTj5lzUIKNqFQVf
IAI2k8crOqnG1/P/1dfbd9RXrIgQuOEsrEdDcFqkDlB+uOxRGVStSZ8cpjnRQeMI
1nzbMoW7fmTuV1dCaqtvNfwMK133FyDV
=443G
-----END PGP SIGNATURE-----


Kevin Curry

Dec 12, 1995, 3:00:00 AM
Hello,

All this time using computers and I never really asked. Hummm!!!!

What is Checksum, Cyclic Redundancy Check and a MD5 Hash Function?

(I'm aware that these functions are algorithms and polynomials of
various descriptions which in turn are used to validate the integrity
of files, modules, messages and so on. I've reviewed many of my
manuals which speak of their use but don't explain any details. What
are they really? What are the algorithms? How are they applied?
What are the differences and why are some more effective than others?)

I thank you in advance for your answer. Cheers!!!
ttyl
---
Kevin J. Curry - Maxville Ontario Canada.
I DO NOT speak for my employer - just me.
Work: cur...@tc.gc.ca Home: cur...@cnwl.igs.net
PGP Public Key @KeyServers - KeyID 55AF3BE5
or Finger Home address.


vaw...@ibm.net

Dec 13, 1995, 3:00:00 AM
-----BEGIN PGP SIGNED MESSAGE-----

In <4akou6$o...@news.voicenet.com>, ma...@omni.voicenet.com (Mark M.) writes:
>vaw...@ibm.net wrote:
>
>: MD5 - damifino... I haven't worked with it, nor read anything about it
>
>The MD in MD5 stands for Message Digest. There are also MD2 and MD4. Details
>of these algorithms are in RFC's 1319, 1320, and 1321. MD5 is more complex
>than CRC or checksumming and its properties are that it should produce fairly
>random output, take 2^64 operations to find a plaintext that hashes to a given
>MD5 hash, and it should take 2^128 operations to find two plaintexts that
>produce the same hash.

Unless I read "Applied Cryptography" wrong, I think you've got those two numbers
backwards...should be 2^128 to match a specific and 2^64 to find two the same.
I think I saw the equation 2^(n/2) for the 'birthday problem'

Victor A. Wagner, Jr. Key fingerprint = 4D 20 EB F6 01 01 B0 69
CFO Metadigm, Inc. 38 17 8D BF C8 46 E4 7A
Vice-Chair Orange County (CA) Libertarian Party http://www.lp.org/lp/
The five most dangerous words in the English language: "There oughtta be a law"

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMM4rFJO57AuaJdhFAQGSCwMAh5OkpvuWRWm/WjI+B6qNHmDvU1ARZ2Lb
BAY96H1Itwj0w7xpJqpELVKKGdMUagmui1N5MmsM9XBXxDMciBUDMJiYuJMFMgTP
tNmKkgL0p1xF2SUU+DaLHS3cKLsuJRjL
=KFrg
-----END PGP SIGNATURE-----
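
The two costs compared in the exchange above (matching one specific digest versus finding any two messages with the same digest) can be measured on a shortened digest. This is an added example, not code from the thread; the 16-bit truncation, the function names and the message strings are assumptions chosen so the searches finish in about a second.

```python
import hashlib
from itertools import count

BITS = 16  # constructed toy digest size n; MD5 itself has n = 128


def tiny_md5(message: bytes, bits: int = BITS) -> int:
    """The top `bits` bits of the MD5 digest, as an integer."""
    digest = int.from_bytes(hashlib.md5(message).digest(), "big")
    return digest >> (128 - bits)


def find_collision(bits: int = BITS):
    """Hash distinct messages until ANY two share a digest.

    Returns (message1, message2, hashes_computed); expect about 2^(n/2) hashes.
    """
    seen = {}
    for i in count():
        message = b"msg-%d" % i
        h = tiny_md5(message, bits)
        if h in seen:
            return seen[h], message, i + 1
        seen[h] = message


def find_match(target: int, bits: int = BITS):
    """Hash distinct messages until one hits a SPECIFIC digest.

    Returns (message, hashes_computed); expect about 2^n hashes.
    """
    for i in count():
        message = b"try-%d" % i
        if tiny_md5(message, bits) == target:
            return message, i + 1


if __name__ == "__main__":
    m1, m2, tries = find_collision()
    print(f"two messages, same digest: {m1!r} {m2!r} after {tries} hashes")
    target = tiny_md5(b"the original document")  # constructed sample input
    m, tries = find_match(target)
    print(f"match for one given digest: {m!r} after {tries} hashes")
```

With n = 16 the first search typically stops after a few hundred hashes and the second after tens of thousands; each added digest bit doubles the second figure but multiplies the first by only about 1.4.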


Joerg Keller

Dec 14, 1995, 3:00:00 AM
Hi,

MD5 is a one-way cryptographic hash function developed by Ron Rivest
(MD=message digest). It is used in the PEM (privacy enhanced mail)
protocols for authentication. It works with input of arbitrary length
and produces a 128 bit result.

A description can be found in

Bruce Schneier
Applied Cryptography
John Wiley & Sons 1994
(I think there is also a second edition.)

Cheers,
Joerg Keller

---------------------------------+---------------------------------------------
Dr. Joerg Keller | Phone: +49-681-302-2576
Universitaet des Saarlandes | Secr : +49-681-302-2436
FB 14 Informatik - LS Prof. Paul | Fax : +49-681-302-4290
Im Stadtwald - Bau 36 Raum 109 | Email: jke...@cs.uni-sb.de
66123 Saarbruecken, Germany | URL : http://www-wjp.cs.uni-sb.de/~jkeller/
---------------------------------+---------------------------------------------

Nick Maclaren

Dec 14, 1995, 3:00:00 AM
In article <4ao8sv$n...@titan.saturn.net>, half...@saturn.net (Brian Mitchell) writes:
|> Kevin Curry (cur...@cnwl.igs.net) wrote:
|>
|> : All this time using computers and I never really asked. Hummm!!!!

|>
|> : What is Checksum, Cyclic Redundancy Check and a MD5 Hash Function?
|>
|> Well, there is a file called 'everything you always wanted to know
|> about crcs but were afraid to ask' which might be helpful. I have it around
|> here. They are all hash functions, with md5 being the best of the three.
|> Checksums are nearly useless nowadays, check xmodem source for simple
|> checksum code. CRC code is commonly available, and there is a rfc with md5
|> code in it I think, although i'm not positive.

Checksums as such (i.e. BSD or System V sum) have always been an
indication of the incompetence of their authors. They fail to
detect many of the most common forms of transmission errors (e.g.
missing or inserted nulls), and this has been known since the early
days of electric communication. And by that, I mean the telegraph.

Single bit checksums are useful in hardware, but anything higher should
use a hash function of some sort. CRCs are similar to Gray codes and
are near-optimal for the detection of certain types of single bit error,
such as is common in very low-level networking (e.g. dialup). They
have minimal advantages over 'random' hash functions for the detection
of file corruption.

MD5 etc. are cryptographic hash functions and are supposedly secure
against a deliberate attack (as distinct from accidental corruption),
unlike checksums, CRCs etc. But they are very little better against
accidental corruption than a 'random' hash function of the same size.


On cus.cam.ac.uk in /pub/software/programs/checksum, you will find a
highly portable C program that calculates BSD and System V checksums
(for comparison), a very simple arithmetic hash function, the POSIX.2
CRC and MD5.


Nick Maclaren,
University of Cambridge Computer Laboratory,
New Museums Site, Pembroke Street, Cambridge CB2 3QG, England.
Email: nm...@cam.ac.uk
Tel.: +44 1223 334761 Fax: +44 1223 334679
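
The checksum and CRC16 described in the first reply of this thread, run against the kinds of corruption mentioned in the post above (an inserted null, plus a transposed pair of bytes). This is an added example, not code from any poster or from the checksum program mentioned above; the bit order (most significant first), the zero starting value, the function names and the sample messages are assumptions.

```python
POLY = 0x8005  # x^16 + x^15 + x^2 + 1; the x^16 term is implicit in a 16-bit register


def additive_checksum(data: bytes) -> int:
    """Plain sum of the bytes, truncated back to 16 bits."""
    return sum(data) & 0xFFFF


def crc16(data: bytes) -> int:
    """Remainder of the message (shifted left 16 bits) divided by POLY.

    Bits are fed most significant first, the register starts at zero,
    and 'subtract' is XOR.
    """
    reg = 0
    for byte in data:
        reg ^= byte << 8
        for _ in range(8):
            reg <<= 1
            if reg & 0x10000:           # a 1 left the top: subtract the divisor
                reg ^= 0x10000 | POLY
    return reg


def send(message: bytes) -> bytes:
    """Append the 16-bit remainder, high byte first."""
    return message + crc16(message).to_bytes(2, "big")


def receive_ok(frame: bytes) -> bool:
    """The receiver divides the whole frame and expects remainder 0."""
    return crc16(frame) == 0


def detected(original: bytes, corrupted: bytes) -> dict:
    """Which of the two check values changes when the data is corrupted?"""
    return {
        "checksum": additive_checksum(original) != additive_checksum(corrupted),
        "crc16": crc16(original) != crc16(corrupted),
    }


# Constructed sample data
MESSAGE = b"PAY 0100 TO ACCOUNT 12345"
TRANSPOSED = b"PAY 1000 TO ACCOUNT 12345"          # two adjacent bytes swapped
NULL_INSERTED = b"PAY 0100 TO\x00 ACCOUNT 12345"   # one NUL byte inserted

if __name__ == "__main__":
    print("frame accepted:", receive_ok(send(MESSAGE)))
    print("transposed    :", detected(MESSAGE, TRANSPOSED))
    print("null inserted :", detected(MESSAGE, NULL_INSERTED))
```

Because this register starts at zero, null bytes inserted before the first non-zero byte leave the remainder unchanged, which is one reason many deployed CRCs start from a non-zero value.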

Brian Mitchell

Dec 14, 1995, 3:00:00 AM
Kevin Curry (cur...@cnwl.igs.net) wrote:
: Hello,

: All this time using computers and I never really asked. Hummm!!!!

: What is Checksum, Cyclic Redundancy Check and a MD5 Hash Function?

Well, there is a file called 'everything you always wanted to know
about crcs but were afraid to ask' which might be helpful. I have it around
here. They are all hash functions, with md5 being the best of the three.
Checksums are nearly useless nowadays, check xmodem source for simple
checksum code. CRC code is commonly available, and there is a rfc with md5
code in it I think, although i'm not positive.

: ---

Adam Back

Dec 14, 1995, 3:00:00 AM

Victor Wagner <vaw...@ibm.net> writes:
> Kevin Curry <cur...@cnwl.igs.net> writes:
> >[...]

> >
> >What is Checksum, Cyclic Redundancy Check and a MD5 Hash Function?
>
> [explanation of Checksum, and CRC]

>
> MD5 - damifino... I haven't worked with it, nor read anything about it

MD5 is a cryptographic message digest - a one way hash function.

MD5 was designed by Ron Rivest, and may be used freely. It is
described in RFC 1321. The RFC includes source code.

ftp://ftp.dsi.unimi.it/pub/security/code/md5.tar.gz

the tar file includes the rfc, source code split into files, makefile,
and man page.

MD5 takes a variable number of bytes as input, and produces a 16 byte
digest as output. It is designed so that it is hard to construct a
message with a chosen digest, it is often used to check that binaries
have not been altered.

PGP uses MD5 as a one way hash in several places:

- for signatures
- for converting the text passphrase into an IDEA key
- for random number conditioning
- for key fingerprints

Signatures.

A PGP signature just RSA signs the digest of the file to be signed,
because RSA encrypt is slow, and as a digest is a fingerprint of the
actual file with the property that it is hard to modify the file
without affecting the signature, it provides nearly as good
authentication to sign (encrypt with private key) the digest, rather
than the whole file.

So a PGP signature is computed with:

sig = rsa_enc(padding . MD5(file . asci(0) . timestamp), n, d )

This applies to detached signatures, and cleartext sigs, and non-clear
sigs. The signatures generated by:

    detached    pgp -satb file
    cleartext   pgp -sat +clearsig=on file
    non-clear   pgp -sat +clearsig=off file

-t tells pgp to presume ascii, -a to produce ascii armoring, -b to
break the file (detach the sig), +clearsig=on/off to sign clear or not.

Passphrase.

Your actual secret key (PGP stores: d,p,q,u) where d is the secret
exponent ((m ^ e % n) ^ d % n == m for all 0 < m < n), p and q are the
factors of n, st n = p x q, p < q, and u is the inverse of p mod q, ie
p x u = 1 (mod q). All that is really needed is to store d for the
secret key, but PGP keeps p, q and stores u also because they allow
the use of the Chinese remainder theorem to implement a faster modular
exponentiation mod n.

OK, so the secret key is IDEA encrypted, and the IDEA key used to
encrypt it is the 16 byte MD5 digest of your passphrase.

Key Fingerprints.

The key fingerprint is the MD5 digest of n and e, the two components
of the public key.

Random Number conditioning.

The random number code mixes in things like the MD5 of the plaintext,
and applies MD5 a number of times to mix in other data to ensure that
the result is irreversible, and that it is evenly distributed.

Adam
--
Munitions T-shirt home page: http://www.obscura.com/~shirt/

#!/bin/perl -s-- -export-a-crypto-system-sig -RSA-3-lines-PERL
$m=unpack(H.$w,$m."\0"x$w),$_=`echo "16do$w 2+4Oi0$d*-^1[d2%Sa
2/d0<X+d*La1=z\U$n%0]SX$k"[$m*]\EszlXx++p|dc`,s/^.|\W//g,print
pack('H*',$_)while read(STDIN,$m,($w=2*$d-1+length$n&~1)/2)
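
The sign-the-digest step and the p, q, u shortcut from the post above, worked through with a toy key. This is an added example, not PGP's code: the primes, the function names and the fingerprint byte encoding are assumptions, and the padding and timestamp from the formula in the post are left out.

```python
import hashlib

# Constructed toy key built from two Mersenne primes; far too small for real use.
P = 2**89 - 1
Q = 2**107 - 1                        # p < q, as in the post
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))     # secret exponent d
U = pow(P, -1, Q)                     # u = inverse of p mod q


def digest_int(data: bytes) -> int:
    """The 16-byte MD5 digest as an integer (always smaller than N here)."""
    return int.from_bytes(hashlib.md5(data).digest(), "big")


def sign_plain(m: int) -> int:
    """One full-size exponentiation mod n, using only d."""
    return pow(m, D, N)


def sign_crt(m: int) -> int:
    """Same result from two half-size exponentiations, recombined with u."""
    s_p = pow(m % P, D % (P - 1), P)
    s_q = pow(m % Q, D % (Q - 1), Q)
    h = (U * (s_q - s_p)) % Q
    return s_p + P * h


def sign(data: bytes) -> int:
    """Sign the digest rather than the whole file (no padding: a simplification)."""
    return sign_crt(digest_int(data))


def verify(data: bytes, sig: int) -> bool:
    """Anyone holding (n, e) recovers the digest and compares it with their own."""
    return pow(sig, E, N) == digest_int(data)


def fingerprint() -> str:
    """MD5 over n then e; the big-endian byte encoding is an assumption."""
    raw = N.to_bytes((N.bit_length() + 7) // 8, "big") + E.to_bytes(3, "big")
    return " ".join(f"{b:02X}" for b in hashlib.md5(raw).digest())


if __name__ == "__main__":
    doc = b"constructed sample file contents"
    sig = sign(doc)
    print("valid:", verify(doc, sig), " altered:", verify(doc + b"!", sig))
    print("Key fingerprint =", fingerprint())
```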

Tommy Petrogiannis

Dec 15, 1995, 3:00:00 AM

>Hi,

>MD5 is a one-way cryptographic hash function developed by Ron Rivest
>(MD=message digest). It is used in the PEM (privacy enhanced mail)
>protocols for authentication. It works with input of arbitrary length
>and produces a 128 bit result.

Can anyone freely use MD5? Or is the algorithm covered by patent
and royalty payments to RSA?

Thanks in advance.

--


Tommy Petrogiannis
to...@Fateepee.CAM.ORG
_ __o
______ `\<, Going slow just hurts too much.
-- O/ O Going fast gets me there sooner - so I can...
recover from the pain quicker


Raymond K. Petry

Dec 16, 1995, 3:00:00 AM
Kevin, also ask about check-difference (modulo 'eleven') as that catches
transposed 'digits' (and inserted single-null) etc....
CRC's are division-by-polynomial (fast in hardware: selective-exor-and-shift)
and polynomials are best chosen irreducible (to catch the longest sequences
of mis-bits, and so reduce the combinatorics of mis-bits in 'noisy' data) -Ray

Kevin Curry (cur...@cnwl.igs.net) wrote:
: Hello,

: All this time using computers and I never really asked. Hummm!!!!

: What is Checksum, Cyclic Redundancy Check and a MD5 Hash Function?

: (I'm aware that these functions are algorithms and polynomials of
: various descriptions which in turn are used to validate the integrity
: of files, modules, messages and so on. I've reviewed many of my
: manuals which speak of their use but don't explain any details. What
: are they really? What are the algorithms? How are they applied?
: What are the differences and why are some more effective than others?)

: I thank you in advance for your answer. Cheers!!!
: ttyl

: ---
: Kevin J. Curry - Maxville Ontario Canada.
: I DO NOT speak for my employer - just me.
: Work: cur...@tc.gc.ca Home: cur...@cnwl.igs.net
: PGP Public Key @KeyServers - KeyID 55AF3BE5
: or Finger Home address.


--
Cordially and sincerely yours, Mr. Raymond Kenneth Petry, CS
Principal Successor to Rev. Mary Baker Eddy
The Son Dey School of Christ Science
http://www.serve.com/~lambhorn
lamb...@mail.serve.com

Kurt Wismer

Dec 16, 1995, 3:00:00 AM
Tommy Petrogiannis wrote:

> >MD5 is a one-way cryptographic hash function developed by Ron Rivest
> >(MD=message digest). It is used in the PEM (privacy enhanced mail)
> >protocols for authentication. It works with input of arbitrary length
> >and produces a 128 bit result.
>
> Can anyone freely use MD5? Or is the algorithm covered by patent
> and royalty payments to RSA?
as far as i know, there is no patent on md5... it's public domain and
source for it is not especially hard to come by... you can freely use
it...

0@0.0

Dec 17, 1995, 3:00:00 AM
vaw...@ibm.net wrote:

>CRC is the remainder after logically dividing (use XOR instead of subtract) a
>message/record/whathaveyou by a 'polynomial'. A well chosen polynomial finds
>most common transmission errors. CRC16 has a polynomial of:
>x^16 + x^15 + x^2 + 1
>when doing the divide, you'll be left with a remainder which fits into 16 bits.
>if this is then appended to the original message, the receiver simply does the
>divide over the entire datastream and gets 0 as the remainder.

>MD5 - damifino... I haven't worked with it, nor read anything about it


>Victor A. Wagner, Jr. Key fingerprint = 4D 20 EB F6 01 01 B0 69
                       ^^^^^^^^^^^^^^^
Whether you know it or not, you certainly have worked with it :-)

>CFO Metadigm, Inc. 38 17 8D BF C8 46 E4 7A
>Vice-Chair Orange County (CA) Libertarian Party http://www.lp.org/lp/
>The five most dangerous words in the English language: "There oughtta be a law"

- Executioner/[Independent]
------====### legal notice ###====--------------------------------------------
Microsoft(tm) Network is prohibited from redistributing this work in any form,
either in whole or in part. License to distribute this posting is available to
Microsoft(tm) for (US)$100.00. Posting without prior permission constitutes an
agreement to these terms. Site license is available for (US)$10,000,000,000.00

PGP Signature: 67 35 1F 85 34 3D ED CC FD 87 01 22 A5 47 31 EA
Key available on request.


Kevin Curry

Dec 21, 1995, 3:00:00 AM
-----BEGIN PGP SIGNED MESSAGE-----

Thank you Thank you

The discussion has proved most enlightening.
I thank all who so generously responded. Especially
(Mark M.) and (Adam Back) for their pointers to the
RFC's.

Merry Christmas and >>back to lurking<<

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMNj5UNCojmtVrzvlAQGT3QP/fGtq2iDJa/kmxDyKETUAZ0xpKglrzLz5
0MLLq0WllpDjDJTPgImkY2j/hK3bqEIzplDbWSxb1ImpkJU0WKdaO8idY9y37U1+
eIJJYdNiRm3xgh9SGDD/WGcaiNxSx6jDvN2zRZgUQaQuoYKTHqv4c5eTX22k3/5f
QxieTi4wkwY=
=GHre
-----END PGP SIGNATURE-----
