bao cao md5

8/6/2019 BAO CAO MD5

1/21

BO CO M HA V CRACKING MD5

TRNG H K THUT CNG NGH TP.HCM

KHOA CNG NGH THNG TIN

*************************

MN: BO MT MNG

BO CO M HA V

CRACKING MD5

GVHD: NGUYN C QUANG

SINH VIN MNG KHO 2008 THC HIN

GVHD: NGUYN C QUANG Page 1


2/21


THC HIN BI CC NHM SINH VIN08DTHM:

1. L GIA T 0851020220

2. NGUYN MINH QUANG 0851020161

3. NUYN VN THNH 0851020187

4. TRN MINH TN 0851020197

5. H S QUANG 0851020162

6. PHM ANH QUANG 0851020157



3/21


M HA MD5I. GII THIU V M HA V THUT TON MD5:

1. M HA L G?

M ha l phng php bin thng tin t nh dng bnh thng sangdng thng tin khng th hiu c nu khng c phng tin gii m.

VD: T ngn xa ng cha ta bit dng cc cch m ha truyn thngtin c mt nh ghi ch ngc, c ch thng qua gng,dch chuyn ch ci

V sao chng ta cn phi m ha?- Nhu cu ring t, tnh bo mt- Ton vn ca thng tin

M ha cng l nn tng ca ch k in t, h thng PKI

Ch k in t l thng tin i km theo d liu (vn bn, hnh nh,video...) nhm mc ch xc nh ngi ch ca d liu .

Kha cng khai (PKI) thng c dng ch ton b h thngbao gm nh cung cp chng thc s (CA) cng cc c ch lin quanng thi vi ton b vic s dng cc thut ton mt m ha kha cngkhai trong trao i thng tin.

2. MD 5 L G?

MD5 (Message - Digest - algorithm 5)gii thut tiu ha tp tin l mtchun Internet (RFC 1321). C kh nng bmm ha tp tin bt k thnh chui HEX 32 kt, tng ng 128-bit (mi k t hex 4-bit

x 32 k t = 128 bit).

Hoc c th nh ngha theo cch khc.MD5 l cch cn bn ly chm k t ( ldigest, alphabeic hay g khc ), c gi l

string nhp vo v cho ra l 32 k t hexa.(0,1,2,3,4,5,6,7,8,9,a,b,c,d,e,f).

MD5 c thit k bi Ronald Rivest vo nm 1991 thay th cho hmbm trc , MD4. Vo nm 1996, ngi ta pht hin ra mt l hng trong MD5;trong khi vn cha bit n c phi l li nghim trng hay khng, nhng chuyn

http://vi.wikipedia.org/wiki/Internethttp://tools.ietf.org/html/1321http://tools.ietf.org/html/1321http://vi.wikipedia.org/wiki/Internet


4/21


gia m ha bt u ngh s dng nhng gii thut khc, nh SHA-1 (khi cng b xem l khng an ton). Trong nm 2004, nhiu l hng hn b khm phkhin cho vic s dng gii thut ny cho mc ch bo mt ang b t nghi vn.

3. C IM MD5

Vic tnh MD n gin, c kh nng xc nh c file c kch thc nhiuGb.

Khng c kh nng tnh ngc, khi tm ra MD.

Do bn cht ngu nhin ca hm bm v s lng cc ln cc gi tr hashc th, nn hu nh khng c kh nng hai bn tin phn bit c cng gi trhash.

Gi tr MD ph thuc vo bn tin tng ng.

Mt chui ch c duy nht mt hash.

Gi tr MD ph thuc vo tt c cc bit ca bn tin tng ng.

V d :

love is blue 03d4ad6e7fee3f54eb46b5ccde58249c

love is Blue 82b76f8eeb4a91aa640f9a23016c7b1c

II. NG DNG1. BO TON THNG TIN

MD5 c dng rng ri trong cc phn mm trn ton th gii m bovic truyn tp tin c nguyn vn. Cc nh pht trin ng dng thng dngMD5 trong vic cho php download file. H s cho xut bn mt tn hiu MDca file download. Khi chng ta ti file v , th file chng ta va download s cmt chui MD:

Nu tn hiu ny khp vi tn hiu cc nh pht trin ng dng xut

bn trn. Th OK, ko c vn . Nu hai tn hiu ny khc nhau, c th c trong file download c virut hay

tp tin b thay i.



5/21


tng tnh bo mt, ta c th thm key vo mt khu trc khi bmchng. Bm nhiu ln hn, .

Tuy nhin, hin nay d dng to ra xung t MD5, mt ngi c th to ramt tp tin to ra tp tin th hai vi cng mt checksum, do k thut nykhng th chng li mt vi dng gi mo nguy him. Ngoi ra, trong mt strng hp checksum khng th tin tng c (v d, nu n c ly t mtlnh nh tp tin ti v), trong trng hp MD5 ch c th c chc nng kimtra li: n s nhn ra mt li hoc ti v cha xong, rt d xy ra khi ti tp tin ln.

2. BO MT

Mc ch ca vic m ha ny l bin i mt chui mt khu thnh mt on

m khc, sao cho t on m khng th no ln tr li mt khu. C ngha lvic gii m l khng th hoc phi mt mt khong thi gian v tn ( lmnn lng cc hacker).



6/21


Qu trnh chng thc ca mt User vi Webserver



7/21


8/21


64 bit tip theo s c thm vo biu th chiu di ca chui bit ban u.

(B bit + bit 1 + k bit 0 + 64 bit chiu di) mod 512 = 0

V d: Ta c chui 384bit

Qu trnh thm bit

Bc 2: Khi to b m MD

Mt b m 4 word (A,B,C,D) c dng tnh m s thng ip. y miA,B,C,D l mt thanh ghi 32 bit. Nhng thanh ghi ny c khi to theo nhng gi trhex sau ( cc byte thp trc ) :

word A : 01 23 45 67

word B : 89 ab cd efword C : fe dc ba 98word D : 76 54 32 10

Bc 3: X l thng ip theo tng khi 16 word

Trc ht ta nh ngha cc hm ph, cc hm ny nhn u vo l 3 word 32 bit v tora mt word 32 bit.



9/21


Vi ln lt l XOR, AND, OR, NOT

y l qu trnh thc hin x l ca 4 hm F trn:

Qu trnh ny s dng mt bng c 64 gi tr T[1 .. 64] c to ra t hm sin. Gi

T[i] l phn t th i ca bng, th T[i]l phn nguyn ca 4294967296*|sin(i)| , i ctnh theo radian.

Thc hin:

/* X l mi khi 16 word */

For (i = 0 to N/16-1) do

/* Copy block i into X. */

For j = 0 to 15 do

Set X[j] to M[i*16+j].

end /* of loop on j */

/* Lu A vo AA, B vo BB, C vo CC, D v DD . Lm buffer */

AA = A

BB = B

CC = C

DD = D



10/21


Qu trnh thc hin qua cc vng



11/21




12/21


/* Then perform the following additions. (That is increment eachof the four registers by the value it had before this block was started.) */

/* Sau lm cc php cng sau. ( Ngha l cng vo mi thanh ghi gi trca n trc khi vo vng lp ) */

A = A + AAB = B + BBC = C + CCD = D + DD

end /* of loop on i */

Bc 4: In ra

M s thng ip c to ra l A,B,C,D. Ngha l chng ta bt u t bytethp ca A, kt thc vi byte cao ca D.



13/21


M GI

M gi cho gii thut MD5 nh sau.

//Ch : Tt c cc bin u l bin khng du 32 bit v bao ph m un 2^32

khi tnh ton

varint[64] r, k

//r xc nh s dch chuyn mi vng

r[ 0..15] := {7, 12, 17, 22, 7, 12, 17, 22, 7, 12, 17, 22, 7, 12, 17, 22}

r[16..31] := {5, 9, 14, 20, 5, 9, 14, 20, 5, 9, 14, 20, 5, 9, 14, 20}

r[32..47] := {4, 11, 16, 23, 4, 11, 16, 23, 4, 11, 16, 23, 4, 11, 16, 23}

r[48..63] := {6, 10, 15, 21, 6, 10, 15, 21, 6, 10, 15, 21, 6, 10, 15, 21}

//S dng phn nguyn nh phn ca sin ca s nguyn lm hng s:

for i from0 to 63k[i] := floor(abs(sin(i + 1)) (2pow 32))

//Khi to bin:

varint h0 := 0x67452301

varint h1 := 0xEFCDAB89

varint h2 := 0x98BADCFE

varint h3 := 0x10325476

//Tin x l:

append"1" bit to message

append"0" bits until message length in bits 448 (mod 512)

appendbit (bit, not byte) length of unpadded message as64-bit little-endian

integerto message

//X l mu tin trong on 512-bit tip theo:

for each512-bit chunk of message

break chunk into sixteen 32-bit little-endian words w[i], 0 i 15

//Khi to gi tr bm cho on ny:

varint a := h0

varint b := h1

varint c := h2

varint d := h3

//Vng lp chnh:

for i from0 to 63

if 0 i 15 then

f := (b andc) or ((not b) andd)

g := i

http://vi.wikipedia.org/wiki/M%C3%A3_gi%E1%BA%A3http://vi.wikipedia.org/wiki/M%C3%A3_gi%E1%BA%A3


14/21


else if 16 i 31

f := (d andb) or ((not d) andc)

g := (5i + 1)mod16

else if 32 i 47

f := b xor c xor d

g := (3i + 5)mod16 else if 48 i 63

f := c xor (b or (not d))

g := (7i)mod16

temp := d

d := c

c := b

b := b + leftrotate((a + f + k[i] + w[g]) , r[i])

a := temp

//Thm bng bm ca on vo kt qu:

h0 := h0 + a

h1 := h1 + b

h2 := h2 + c

h3 := h3 + d

varint digest := h0 appendh1 appendh2 appendh3 //(expressed as little-

endian)

//nh ngha hm dch tri

leftrotate (x, c)

return (x > (32-c));

Ghi ch: Thay v hm ha RFC 1321 gc nh trn, phn sau c th c dng tng hiu qu (hu

ch nu ngn ng assembly c dng - cn khng, chng trnh dch s t ng ti u ha on m

trn):

(0 i 15): f := d xor (b and(c xor d))

(16 i 31): f := c xor (d and(b xor c))

IV. CC GII PHP THAY TH TNG TBt c thut ton m ha no ri cng b gii m. Vi MD5, ngay t nm1996, ngi ta tm thy l hng ca n. Mc d lc cn cha r rng lm nhngcc chuyn gia m ha ngh n vic phi a ra mt thut gii khc, nh l SHA-1

http://tools.ietf.org/html/1321http://tools.ietf.org/html/1321


15/21


SHA-1 c coi l chun mc "vng" v thut ton. N c tch hp bntrong rt nhiu chng trnh thng dng nh PGP v SSL, c chng thc bi VinChun Cng ngh Quc gia v l thut ton ch k in t duy nht c C quanChun Ch k S ca chnh ph M ph chun.

V. KT LUN

Thut ton s ha thng ip MD5 kh n gin thc hin, cung cp mt dngvn tay hay m s ca thng ip vi di ty .

Ngi ta cho rng kh tm c 2 thng ip c cng m s l khong 2^64bc tnh, v kh tim c mt thng ip vi m s cho trc l 2^128 bctnh.

- Vi bt k gi tr x, khng th tnh c y x sao cho H(y) = H(x).

- Khng th tnh c mt cp (x, y) sao cho H(x) = H(y).

Do MD5 c s dng rng ry trong cc ng dng, web, bo mt, v chngthc

Tuy nhin mt mc no th md 5 vn c th crack c.

VI.DEMO SNIFF & CRACK MD5:

Tuy mc bo mt ca MD5 c nh gi l kh tt v khng th dch ngc. Nhngcn vic crack on Hash MD5 l c th thc hin c. Trong bi demo ny ti s thchin vic bc gi tin login ng nhp ca din n http://ithutech.net vi thng tin

password c m ha bng MD5.

http://ithutech.net/http://ithutech.net/


16/21


ngh cn chun b:

Trnh duyt internet Wireshark bt lu lng login. Cain & Abel



17/21


Cc bc thc hin:

B1:

Dng trnh duyt m trang web cn tn cng.

B2: M wireshark v chn card mng ang s dng

B3: Tr li trang din n v tin hnh login

B4: Lc gi tin http login.php



18/21


Xem ni dung bt c

B4: Tin hnh cracking on password MD5 va bt c bng cain & Abell davo gii thut Brute-force attack



19/21


Cho on hash MD5 vo

nh dng pass c th l a-z, A-Z, 0-9, !@#...


nh dng pass cn tim

Gii hn chiu di pass


20/21


V kt qu

Kt qu tim c l: 0989612220

Th nghim thnh cng vi mt s kiu password kiu tn ngi, s in thoi,ngy thng nm sinh



21/21

bao cao md5

Documents