Newsgroups: alt.security.pgp,alt.industrial.computing,alt.comp.virus,cern.computing,comp.ai.edu,comp.arch.arithmetic,comp.compression,comp.edu,comp.hardware,comp.org.decus,comp.org.ieee,comp.programming
Path: cantaloupe.srv.cs.cmu.edu!das-news2.harvard.edu!fas-news.harvard.edu!newspump.wustl.edu!news.ecn.bgu.edu!vixen.cso.uiuc.edu!howland.reston.ans.net!newsfeed.internetmci.com!btnet!demon!peer-news.britain.eu.net!strath-cs!info!aba
From: aba@dcs.exeter.ac.uk (Adam Back)
Subject: Re: What is Checksum, CRC and MD5 hash???
In-Reply-To: vawjr08@ibm.net's message of 12 Dec 1995 08:44:18 GMT
Message-ID: <DJKq82.BLx@exeter.ac.uk>
Lines: 96
Sender: news@exeter.ac.uk (news admin)
Organization: Department of Computer Science, University of Exeter, U.K.
References: <4aj5d1$r5v@nntp.igs.net> <4ajfd2$2l1m@news-s01.ny.us.ibm.net>
Distribution: inet
Date: Thu, 14 Dec 1995 11:21:34 GMT
Xref: glinda.oz.cs.cmu.edu comp.ai.edu:3043 comp.arch.arithmetic:1615 comp.compression:25164 comp.edu:15312 comp.org.decus:7559 comp.org.ieee:4260 comp.programming:21684


Victor Wagner <vawjr08@ibm.net> writes:
> Kevin Curry <curryk@cnwl.igs.net> writes:
> >[...]
> >
> >What is Checksum, Cyclic Redundancy Check and a MD5 Hash Function?
> 
> [explanation of Checksum, and CRC]
>
> MD5 - damifino... I haven't worked with it, nor read anything about it

MD5 is a cryptographic message digest - a one way hash function.

MD5 was designed by Ron Rivest, and may be used freely.  It is
described in RFC 1321.  The RFC includes source code.

	ftp://ftp.dsi.unimi.it/pub/security/code/md5.tar.gz

The tar file includes the RFC, the source code split into files, a
makefile, and a man page.

MD5 takes a variable number of bytes as input, and produces a 16 byte
digest as output.  It is designed so that it is hard to construct a
message with a chosen digest, so it is often used to check that
binaries have not been altered.

PGP uses MD5 as a one way hash in several places:

- for signatures
- for converting the text passphrase into an IDEA key
- for random number conditioning
- for key fingerprints

Signatures.

A PGP signature just RSA signs the digest of the file to be signed.
RSA encryption is slow, and since a digest is a fingerprint of the
actual file with the property that it is hard to modify the file
without affecting the signature, signing (encrypting with the private
key) the digest provides nearly as good authentication as signing the
whole file.

So a PGP signature is computed with:

  sig = rsa_enc(padding . MD5(file . ascii(0) . timestamp), n, d )

This applies to detached, cleartext and non-clear signatures, which
are generated by:

detached	pgp -satb file
cleartext	pgp -sat +clearsig=on file
non-clear	pgp -sat +clearsig=off file

-t tells pgp to presume ASCII text, -a to produce ASCII armoring, -b to
break the file (detach the sig), and +clearsig=on/off to sign clear or
not.

Passphrase.

PGP stores your actual secret key as (d, p, q, u), where d is the
secret exponent ((m ^ e % n) ^ d % n == m for all 0 < m < n), p and q
are the factors of n, such that n = p x q and p < q, and u is the
inverse of p mod q, i.e. p x u = 1 (mod q).  All that is really needed
for the secret key is to store d, but PGP keeps p and q and stores u
as well, because they allow the use of the Chinese remainder theorem
to implement a faster modular exponentiation mod n.

OK, so the secret key is IDEA encrypted, and the IDEA key used to
encrypt it is the 16 byte MD5 digest of your passphrase.
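The signature formula and the (d, p, q, u) secret key layout above, worked through in Python as an added example (not code from the post or from PGP): the digest is MD5(file . 0 . timestamp) with a constructed 4-byte big-endian timestamp and no padding in front of it, the key is a constructed toy key built from two Mersenne primes, and u = p^-1 mod q is used for the Chinese remainder theorem step exactly as the post describes.

```python
import hashlib
import struct

# Constructed toy RSA key (example only).  2^89-1 and 2^127-1 are known
# Mersenne primes, and p < q as PGP orders them.  Far too small for real use.
P = 2**89 - 1
Q = 2**127 - 1
N = P * Q
E = 65537                              # public exponent; gcd(E, phi) == 1 here
D = pow(E, -1, (P - 1) * (Q - 1))      # secret exponent d
U = pow(P, -1, Q)                      # PGP's u: inverse of p mod q


def pgp_digest(data: bytes, timestamp: int) -> bytes:
    """MD5(file . ascii(0) . timestamp); timestamp encoding is an assumption."""
    return hashlib.md5(data + b"\x00" + struct.pack(">I", timestamp)).digest()


def rsa_crt(m: int, d: int, p: int, q: int, u: int) -> int:
    """m^d mod n via the Chinese remainder theorem, using only p, q, u.

    Two half-size exponentiations replace one full-size one; u = p^-1 mod q
    recombines the halves (Garner's method), so n and d are never reduced.
    """
    m1 = pow(m, d % (p - 1), p)        # m^d mod p (Fermat: d mod (p-1))
    m2 = pow(m, d % (q - 1), q)        # m^d mod q
    h = ((m2 - m1) * u) % q            # how many multiples of p to add
    return m1 + p * h                  # result lies in [0, p*q)


def sign(data: bytes, timestamp: int) -> int:
    """sig = rsa_enc(MD5(file . 0 . timestamp), n, d), padding omitted."""
    m = int.from_bytes(pgp_digest(data, timestamp), "big")
    return rsa_crt(m, D, P, Q, U)


def verify(data: bytes, timestamp: int, sig: int) -> bool:
    """Public-key side: undo the 'encryption' with e and compare digests."""
    return pow(sig, E, N) == int.from_bytes(pgp_digest(data, timestamp), "big")


def crt_matches_direct(data: bytes, timestamp: int) -> bool:
    """Check the CRT shortcut against the textbook m^d mod n."""
    m = int.from_bytes(pgp_digest(data, timestamp), "big")
    return rsa_crt(m, D, P, Q, U) == pow(m, D, N)
```

Signing a file and then flipping a byte of it shows the property the post relies on: the MD5 digest changes, so the stored signature no longer verifies.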

Key Fingerprints.

The key fingerprint is the MD5 digest of n and e, the two components
of the public key.

Random Number conditioning.

The random number code mixes in things like the MD5 of the plaintext,
and applies MD5 a number of times to mix in other data to ensure that
the result is irreversible, and that it is evenly distributed.

Adam
--
Munitions T-shirt home page: http://www.obscura.com/~shirt/

#!/bin/perl -s-- -export-a-crypto-system-sig -RSA-3-lines-PERL
$m=unpack(H.$w,$m."\0"x$w),$_=`echo "16do$w 2+4Oi0$d*-^1[d2%Sa
2/d0<X+d*La1=z\U$n%0]SX$k"[$m*]\EszlXx++p|dc`,s/^.|\W//g,print
pack('H*',$_)while read(STDIN,$m,($w=2*$d-1+length$n&~1)/2)
