MD5加密原理.doc

MD5加密C#ZZ /Ewangsoft/archive/2006/07/22/960980.aspx1.来历MD5的全称是message-digest algorithm 5(信息-摘要算法，在90年代初由mit laboratory for computer science和rsa data security inc的ronald l. rivest开发出来，经md2、md3和md4发展而来。/rfc/rfc1321.txt，是一份最权威的文档，由ronald l. rivest在1992年8月向ieft提交。2.用途MD5的作用是对一段信息(message)生成信息摘要(message-digest)，该摘要对该信息具有唯一性,可以作为数字签名。用于验证文件的有效性(是否有丢失或损坏的数据),对用户密码的加密，在哈希函数中计算散列值。3.特点输入一个任意长度的字节串，生成一个128位的整数。由于算法的某些不可逆特征，在加密应用上有较好的安全性。并且，MD5算法的使用不需要支付任何版权费用。 4.说明唯一性和不可逆性都不是绝对的，从理论上分析是一种多对一的关系，但两个不同的信息产生相同摘要的概率很小。不可逆是指从输出反推输入所需的运算量和计算时间太大，使用穷搜字典的方法又需要太多的存储空间。5.算法描述算法输入是一个字节串，每个字节是8个bit. 算法的执行分为以下几个步骤：第一步，补位：MD5算法先对输入的数据进行补位，使得数据的长度(以byte为单位)对64求余的结果是56。即数据扩展至LEN=K*64+56个字节，K为整数。补位方法：补一个1，然后补0至满足上述要求。相当于补一个0x80的字节，再补值为0的字节。这一步里总共补充的字节数为063个。第二步，附加数据长度：用一个64位的整数表示数据的原始长度(以bit为单位)，将这个数字的8个字节按低位的在前，高位在后的顺序附加在补位后的数据后面。这时，数据被填补后的总长度为： LEN = K*64+56+8=(K+1)*64 Bytes。注意那个64位整数是输入数据的原始长度而不是填充字节后的长度,我就在这里栽了跟头.第三步，初始化MD5参数：有四个32位整数变量 (A,B,C,D) 用来计算信息摘要，每一个变量被初始化成以下以十六进制数表示的数值，低位的字节在前面。 word A: 01 23 45 67 word B: 89 ab cd ef word C: fe dc ba 98 word D: 76 54 32 10注意低位的字节在前面指的是Little Endian平台上内存中字节的排列方式，而在程序中书写时，要写成： A=0x67452301 B=0xefcdab89 C=0x98badcfe D=0x10325476第四步，定义四个MD5基本的按位操作函数： X，Y，Z为32位整数。 F(X,Y,Z) = (X and Y) or (not(X) and Z) G(X,Y,Z) = (X and Z) or (Y and not(Z) H(X,Y,Z) = X xor Y xor Z I(X,Y,Z) = Y xor (X or not(Z) 再定义四个分别用于四轮变换的函数。设Mj表示消息的第j个子分组（从0到15），s表示循环左移s位，则四种操作为： FF(a,b,c,d,Mj,s,ti)表示a=b+(a+(F(b,c,d)+Mj+ti)s) GG(a,b,c,d,Mj,s,ti)表示a=b+(a+(G(b,c,d)+Mj+ti)s) HH(a,b,c,d,Mj,s,ti)表示a=b+(a+(H(b,c,d)+Mj+ti)s) II(a,b,c,d,Mj,s,ti)表示a=b+(a+(I(b,c,d)+Mj+ti)s)第五步，对输入数据作变换。处理数据，N是总的字节数，以64个字节为一组，每组作一次循环，每次循环进行四轮操作。要变换的64个字节用16个32位的整数数组M0 .15表示。而数组T1 . 64表示一组常数， Ti为4294967296*abs(sin(i)的32位整数部分，i的单位是弧度,i的取值从1到64。具体过程如下： /* 设置主循环变量 */For i = 0 to N/16-1 do /*每循环一次，把数据原文存放在16个元素的数组X中. */For j = 0 to 15 doSet Xj to Mi*16+j.end /结束对J的循环/* Save A as AA, B as BB, C as CC, and D as DD.*/AA = ABB = BCC = CDD = D /* 第1轮*/* 以 abcd k s i表示如下操作a = b + (a + F(b,c,d) + Xk + Ti) s). */* Do the following 16 operations. */ABCD 0 7 1 DABC 1 12 2 CDAB 2 17 3 BCDA 3 22 4ABCD 4 7 5 DABC 5 12 6 CDAB 6 17 7 BCDA 7 22 8ABCD 8 7 9 DABC 9 12 10 CDAB 10 17 11 BCDA 11 22 12ABCD 12 7 13 DABC 13 12 14 CDAB 14 17 15 BCDA 15 22 16/* 第2轮* */* 以 abcd k s i表示如下操作a = b + (a + G(b,c,d) + Xk + Ti) s). */* Do the following 16 operations. */ABCD 1 5 17 DABC 6 9 18 CDAB 11 14 19 BCDA 0 20 20ABCD 5 5 21 DABC 10 9 22 CDAB 15 14 23 BCDA 4 20 24ABCD 9 5 25 DABC 14 9 26 CDAB 3 14 27 BCDA 8 20 28ABCD 13 5 29 DABC 2 9 30 CDAB 7 14 31 BCDA 12 20 32/* 第3轮*/* 以 abcd k s i表示如下操作a = b + (a + H(b,c,d) + Xk + Ti) s). */* Do the following 16 operations. */ABCD 5 4 33 DABC 8 11 34 CDAB 11 16 35 BCDA 14 23 36ABCD 1 4 37 DABC 4 11 38 CDAB 7 16 39 BCDA 10 23 40ABCD 13 4 41 DABC 0 11 42 CDAB 3 16 43 BCDA 6 23 44ABCD 9 4 45 DABC 12 11 46 CDAB 15 16 47 BCDA 2 23 48/* 第4轮*/* 以 abcd k s i表示如下操作a = b + (a + I(b,c,d) + Xk + Ti) s). */* Do the following 16 operations. */ABCD 0 6 49 DABC 7 10 50 CDAB 14 15 51 BCDA 5 21 52ABCD 12 6 53 DABC 3 10 54 CDAB 10 15 55 BCDA 1 21 56ABCD 8 6 57 DABC 15 10 58 CDAB 6 15 59 BCDA 13 21 60ABCD 4 6 61 DABC 11 10 62 CDAB 2 15 63 BCDA 9 21 64/* 然后进行如下操作 */A = A + AAB = B + BBC = C + CCD = D + DD Next i /* 结束对I的循环*/第六步，输出结果。A，B，C，D连续存放，共16个字节，128位。按十六进制依次输出这个16个字节。最后，用程序语言实现算法后，可以输入以下几个信息对程序作一个简单的测试，看看程序有没有错误。MD5 () = d41d8cd98f00b204e9800998ecf8427eMD5 (a) = 0cc175b9c0f1b6a831c399e269772661MD5 (abc) = 900150983cd24fb0d6963f7d28e17f72MD5 (message digest) = f96b697d7cb7938d525a2f31aaf161d0MD5 (abcdefghijklmnopqrstuvwxyz) = c3fcd3d76192e4007dfb496cca67e13bMD5 (ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789) =d174ab98d277d9f5a5611c2c9f419d9f MD5 (12345678901234567890123456789012345678901234567890123456789012345678901234567890) = 57edf4a22be3c955ac49da2e2107b67aMD5算法之C#程序MD5算法比较特别，最适合用汇编语言来写，好多高级语言对之无能无力或效率极低。比如我最开始尝试用Python和Euphoria编写，发现不太容易。相比而言，C#作为C家簇中新兴的一门.net语言，功能比较全面。花了一晚上的工夫终于用C#最先实现了MD5。主要是由于对算法的一些细节不太注意，结果输出总是不对，调试了好长时间。code/源文件：md5.cs/ MD5 Alogrithm/ by rufi 2004.6.20 /using System;using System.Collections;using System.IO;public class MD5 /static state variables private static UInt32 A; private static UInt32 B; private static UInt32 C; private static UInt32 D; /number of bits to rotate in tranforming private const int S11 = 7; private const int S12 = 12; private const int S13 = 17; private const int S14 = 22; private const int S21 = 5; private const int S22 = 9; private const int S23 = 14; private const int S24 = 20; private const int S31 = 4; private const int S32 = 11; private const int S33 = 16; private const int S34 = 23; private const int S41 = 6; private const int S42 = 10; private const int S43 = 15; private const int S44 = 21; /* F, G, H and I are basic MD5 functions. * 四个非线性函数: * * F(X,Y,Z) =(X&Y)|(X)&Z) * G(X,Y,Z) =(X&Z)|(Y&(Z) * H(X,Y,Z) =XYZ * I(X,Y,Z)=Y(X|(Z) * * （&与，|或，非，异或） */ private static UInt32 F(UInt32 x,UInt32 y,UInt32 z) return (x&y)|(x)&z); private static UInt32 G(UInt32 x,UInt32 y,UInt32 z) return (x&z)|(y&(z); private static UInt32 H(UInt32 x,UInt32 y,UInt32 z) return xyz; private static UInt32 I(UInt32 x,UInt32 y,UInt32 z) return y(x|(z); /* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4. * Rotation is separate from addition to prevent recomputation. */ private static void FF(ref UInt32 a,UInt32 b,UInt32 c,UInt32 d,UInt32 mj,int s,UInt32 ti) a = a + F(b,c,d) + mj + ti; a = a (32-s); a += b; private static void GG(ref UInt32 a,UInt32 b,UInt32 c,UInt32 d,UInt32 mj,int s,UInt32 ti) a = a + G(b,c,d) + mj + ti; a = a (32-s); a += b; private static void HH(ref UInt32 a,UInt32 b,UInt32 c,UInt32 d,UInt32 mj,int s,UInt32 ti) a = a + H(b,c,d) + mj + ti; a = a (32-s); a += b; private static void II(ref UInt32 a,UInt32 b,UInt32 c,UInt32 d,UInt32 mj,int s,UInt32 ti) a = a + I(b,c,d) + mj + ti; a = a (32-s); a += b; private static void MD5_Init() A=0x67452301; /in memory, this is 0x01234567 B=0xefcdab89; /in memory, this is 0x89abcdef C=0x98badcfe; /in memory, this is 0xfedcba98 D=0x10325476; /in memory, this is 0x76543210 private static UInt32 MD5_Append(byte input) int zeros=0; int ones =1; int size=0; int n = input.Length; int m = n%64; if( m 56 ) zeros = 55-m; size=n-m+64; else if (m=56) zeros = 0; ones = 0; size=n+8; else zeros = 63-m+56; size=n+64-m+64; ArrayList bs = new ArrayList(input); if(ones=1) bs.Add( (byte)0x80 ); / 0x80 = $10000000 for(int i=0;i8)&0xFF); byte h3=(byte)(N16)&0xFF); byte h4=(byte)(N24)&0xFF); byte h5=(byte)(N32)&0xFF); byte h6=(byte)(N40)&0xFF); byte h7=(byte)(N48)&0xFF); byte h8=(byte)(N56); bs.Add(h1); bs.Add(h2); bs.Add(h3); bs.Add(h4); bs.Add(h5); bs.Add(h6); bs.Add(h7); bs.Add(h8); byte ts=(byte)bs.ToArray(typeof(byte); /* Decodes input (byte) into output (UInt32). Assumes len is * a multiple of 4. */ UInt32 output = new UInt32size/4; for(Int64 i=0,j=0;isize;j+,i+=4) outputj=(UInt32)(tsi | tsi+18 | tsi+216 | tsi+324); return output; private static UInt32 MD5_Trasform(UInt32 x) UInt32 a,b,c,d; for(int k=0;kx.Length;k+=16) a=A; b=B; c=C; d=D; /* Round 1 */ FF (ref a, b, c, d, xk+ 0, S11, 0xd76aa478); /* 1 */ FF (ref d, a, b, c, xk+ 1, S12, 0xe8c7b756); /* 2 */ FF (ref c, d, a, b, xk+ 2, S13, 0x242070db); /* 3 */ FF (ref b, c, d, a, xk+ 3, S14, 0xc1bdceee); /* 4 */ FF (ref a, b, c, d, xk+ 4, S11, 0xf57c0faf); /* 5 */ FF (ref d, a, b, c, xk+ 5, S12, 0x4787c62a); /* 6 */ FF (ref c, d, a, b, xk+ 6, S13, 0xa8304613); /* 7 */ FF (ref b, c, d, a, xk+ 7, S14, 0xfd469501); /* 8 */ FF (ref a, b, c, d, xk+ 8, S11, 0x698098d8); /* 9 */ FF (ref d, a, b, c, xk+ 9, S12, 0x8b44f7af); /* 10 */ FF (ref c, d, a, b, xk+10, S13, 0xffff5bb1); /* 11 */ FF (ref b, c, d, a, xk+11, S14, 0x895cd7be); /* 12 */ FF (ref a, b, c, d, xk+12, S11, 0x6b901122); /* 13 */ FF (ref d, a, b, c, xk+13, S12, 0xfd987193); /* 14 */ FF (ref c, d, a, b, xk+14, S13, 0xa679438e); /* 15 */ FF (ref b, c, d, a, xk+15, S14, 0x49b40821); /* 16 */ /* Round 2 */ GG (ref a, b, c, d, xk+ 1, S21, 0xf61e2562); /* 17 */ GG (ref d, a, b, c, xk+ 6, S22, 0xc040b340); /* 18 */ GG (ref c, d, a, b, xk+11, S23, 0x265e5a51); /* 19 */ GG (ref b, c, d, a, xk+ 0, S24, 0xe9b6c7aa); /* 20 */ GG (ref a, b, c, d, xk+ 5, S21, 0xd62f105d); /* 21 */ GG (ref d, a, b, c, xk+10, S22, 0x2441453); /* 22 */ GG (ref c, d, a, b, xk+15, S23, 0xd8a1e681); /* 23 */ GG (ref b, c, d, a, xk+ 4, S24, 0xe7d3fbc8); /* 24 */ GG (ref a, b, c, d, xk+ 9, S21, 0x21e1cde6); /* 25 */ GG (ref d, a, b, c, xk+14, S22, 0xc33707d6); /* 26 */ GG (ref c, d, a, b, xk+ 3, S23, 0xf4d50d87); /* 27 */ GG (ref b, c, d, a, xk+ 8, S24, 0x455a14ed); /* 28 */ GG (ref a, b, c, d, xk+13, S21, 0xa9e3e905); /* 29 */ GG (ref d, a, b, c, xk+ 2, S22, 0xfcefa3f8); /* 30 */ GG (ref c, d, a, b, xk+ 7, S23, 0x676f02d9); /* 31 */ GG (ref b, c, d, a, xk+12, S24, 0x8d2a4c8a); /* 32 */ /* Round 3 */ HH (ref a, b, c, d, xk+ 5, S31, 0xfffa3942); /* 33 */ HH (ref d, a, b, c, xk+ 8, S32, 0x8771f681); /* 34 */ HH (ref c, d, a, b, xk+11, S33, 0x6d9d6122); /* 35 */ HH (ref b, c, d, a, xk+14, S34, 0xfde5380c); /* 36 */ HH (ref a, b, c, d, xk+ 1, S31, 0xa4beea44); /* 37 */ HH (ref d, a, b, c, xk+ 4, S32, 0x4bdecfa9); /* 38 */ HH (ref c, d, a, b, xk+ 7, S33, 0xf6bb4b60); /* 39 */ HH (ref b, c, d, a, xk+10, S34, 0xbebfbc70); /* 40 */ HH (ref a, b, c, d, xk+13, S31, 0x289b7ec6); /* 41 */ HH (ref d, a, b, c, xk+ 0, S32, 0xeaa127fa); /* 42 */ HH (ref c, d, a, b, xk+ 3, S33, 0xd4ef3085); /* 43 */ HH (ref b, c, d, a, xk+ 6, S34, 0x4881d05); /* 44 */ HH (ref a, b, c, d, xk+ 9, S31, 0xd9d4d039); /* 45 */ HH (ref d, a, b, c, xk+12, S32, 0xe6db99e5); /* 46 */ HH (ref c, d, a, b, xk+15, S33, 0x1fa27cf8); /* 47 */ HH (ref b, c, d, a, xk+ 2, S34, 0xc4ac5665); /* 48 */ /* Round 4 */ II (ref a, b, c, d, xk+ 0, S41, 0xf4292244); /* 49 */ II (ref d, a, b, c, xk+ 7, S42, 0x432aff97); /* 50 */ II (ref c, d, a, b, xk+14, S43, 0xab9423a7); /* 51 */ II (ref b, c, d, a, xk+ 5, S44, 0xfc93a039); /* 52 */ II (ref a, b, c, d, xk+12, S41, 0x655b59c3); /* 53 */ II (ref d, a, b, c, xk+ 3, S42, 0x8f0ccc92); /* 54 */ II (ref c, d, a, b, xk+10, S43, 0xffeff47d); /* 55 */ II (ref b, c, d, a, xk+ 1, S44, 0x85845dd1); /* 56 */ II (ref a, b, c, d, xk+ 8, S41, 0x6fa87e4f); /* 57 */ II (ref d, a, b, c, xk+15, S42, 0xfe2ce6e0); /* 58 */ II (ref c, d, a, b, xk+ 6, S43, 0xa3014314); /* 59 */ II (ref b, c, d, a, xk+13, S44, 0x4e0811a1); /* 60 */ II (ref a, b, c, d, xk+ 4, S41, 0xf7537e82); /* 61 */ II (ref d, a, b, c, xk+11, S42, 0xbd3af235); /* 62 */ II (ref c, d, a, b, xk+ 2, S43, 0x2ad7d2bb); /* 63 */ II (ref b, c, d, a, xk+ 9, S44, 0xeb86d391); /* 64 */ A+=a; B+=b; C+=c; D+=d; return new UInt32A,B,C,D; public static byte MD5Array(byte input) MD5_Init(); UInt32 block = MD5_Append(input); UInt32 bits = MD5_Trasform(block); /* Encodes bits (UInt32) into output (byte). Assumes len is * a multiple of 4. */ byte output=new bytebits.Length*