DSA Group Assignment

Example of a Perfect Hashing Function

The perfect hashing technique uses a hash function that provides a worst case search of O (1)
on a set of static keys. Given the randomly generated data set [79,33,25,65,40,9,19,31] we will
demonstrate how the perfect hash function works.
We will create a primary hash function
h(x)=((ak+b) %p) MOD m
where:
m=n (number of keys)
n=8
p=83 {smallest prime integer after the largest key}
a=11 {randomly chosen value}
b=29 {randomly chosen value}
h(x) = ((11k+29) % 83) MOD 8

Hashing to get primary table key indices

key h(x) [index]

79 4
33 4
25 7
65 0
40 6
9 5
19 0
31 6

Counters for ni (Keys hashing to the index (i))

I NI NI 2
0 2 [65 and 19] 4
4 2 [79 and 33] 4
5 1 [9] 1
6 2 [40 and 31] 4
7 1 [25] 1
∑ ni2 = 14
Evaluating whether h(x) is good hashing function
∑ni2 < 2n
14 < 16
The primary hash function is a good hash function. Proceeding to creating the secondary hash
function as summation of ni2 is less than 2n.
Creating a secondary hash function and choosing arbitrary values for ai and bi

index mi ai bi hi
0 4 5 37 ((5k+37) % 83) MOD 4
4 4 7 23 ((7k+23) % 83) MOD 4
5 1 0 0 ((0k+0) % 83) MOD 1
6 4 13 19 ((13k+19) % 83) MOD 4
7 1 0 0 ((0k+0) % 83) MOD 1
Primary and Secondary Slots for keys
Key Pr Hash Index h(x) Sec Hash Index hi(x)
79 4 2
33 4 1
25 7 0
65 0 2
40 6 1
9 5 0
19 0 1
31 6 3

Graphical Representation of the Data Set in the hash table

Introduction to Algorithms Question 11.41d

A family of universal hash functions H is 2-universal if for all x, y Є U such that x ≠ y and
Probability of h(x) = h(y) is ≤ 1/p, using one hash function from such a family means that
there exists p other function in the set H that can map m to h(m). Again, since Alice and Bob
had already agreed in advance which function h in H to use, it is practically impossible for the
adversary to identify the exact function they agreed. Even if he knows the family H, he can
only use one of them which has a probability of 1/p in fooling Bob. Therefore, we can conclude
that the probability of the adversary successfully intercepting the message and fooling Bob is
1/p.
The Decrypt ability of md5

Message Digest 5 simply referred to as md5 is a hashing function that takes in a message of
arbitrary length and produces a 128-bit hash value called a fingerprint or message digest. It was
designed by an MIT Professor Ronald Linn Rivest in 1991 to replace an earlier hash function
called md4. According to a specification by the internet Engineering task force (IETF),
hypothetically, it is computationally infeasible to produce two messages having the same
message digest, or to produce any message having a given prespecified target message digest.
It was primarily intended for digital signature applications where large files must be
compressed in a secure manner before being encrypted with a secret key under a public-key
cryptosystem. For instance, downloads of Linux OS Distributions. Over the past years its use
has been broadened to more than just digital signatures.
Other applications of md5 include: providing assurance to validity of downloaded file using
checksums (md5checksums), electronic discovery and one-way encryption for password
storage. For the password storage key stretching is added to enhance security of the passwords.
This discussion attempts to evaluate whether md5 can be decrypted or not by analyzing how it
works and its potential weaknesses.
md5 works in 5 steps to produce an output.
Step 1 of the md5 algorithm is to append padding bits to the message:
The message is extended to that its length in bits is congruent to 448, module 512. Even when
the message length is already congruent to 448, modulo 512, padding is still performed. A
single 1 bit is appended to the message and then 0s are appended so that the length of the
message becomes congruent to 448, modulo 512. In all cases a maximum of 512 and a
minimum of 1 bit may be appended.
Step 2 of the algorithm is appending length:
The result from the first step is appended with a 64-bit representation of the length of original
message before padding was done. At this point the message has a total length that is a
multiple of 512 bits. The message has a length that is an exact multiple of 16 words, each
having 32-bit.
Step 3 is initialization of the md buffer:
A four-word buffer A, B, C, D is used to compute the message digest and each of them is a
32-bit register. Each is initialized with hex values starting with low order bytes.
Step 4 is the actual processing of the message digest in 16-Word blocks:
During this step the algorithm uses auxiliary functions that take as input 3 32-bit words and
produce a 32-bit word as output.
Step 5 is the actual output:
This is the final step of the algorithm. The message digest is produced as A, B, C, D. the
message digest begins with the low order bytes of A and end with the high order byte of D.

It should be noted that md5 is not a usual encryption where original message can be
encrypted into a cipher and then decrypted back to the original form with a key. md5 is one-
way hash function meaning it does not provide with mechanism of converting the hash value
to its original message. Considering how the algorithm works we concluded that an md5
hash cannot be decrypted. Here decryption refers to the sense where an algorithm can
reverse the hash into the original text.

md5 has its weaknesses that make people exploit its hashes but it is nowhere near decryption.
These weaknesses include the pseudo-collision attack, birthday attack and dictionary method
attack. In pseudo collision attack, longer messages collide since we append to the suffix of
both messages. This makes it possible to recover the original message of a hash value by
brute force. In the dictionary method attack, a list of commonly used words are hashed and
the attacker maintains a database of key hash pairs. A user’s hash is then compared against
the database, if a match is found then the original key is retrieved to reveal the original
message. If you carefully look at it this isn’t really decrypting.

In our exploration we tested 2 websites that claim that they can decrypt md5 hashes:
md5decrypt.net and hashkiller.co.uk. if you go to these sites with your own hash of a
commonly used word and try to decrypt it, they will give you the original text. If you go with
a hash of a rarely used word or password combination, these sites fail to decrypt to you the
original text. They explicitly notify you that the hash was not found in their database.
Surprisingly if you try to encrypt the same original text on the same site and attempt to
decrypt it back, it returns back successfully. This is because for every encryption made, they
add the hash value and the original text to their database for future comparison.

In conclusion we firmly restate that md5 cannot be decrypted as it is a one-way hash

function. However, you can attempt to decrypt the original text by trying a large number of
potential inputs until a match is found but success is not fully guaranteed. Unfortunately, the
weaknesses in the md5 algorithm make it possible for several attacks to significantly find the
original text easily.

References
Leek, T. (2013, june 28). Retrieved from stackexchange:
https://security.stackexchange.com/questions/38141/if-hashing-is-one-way-why-can-we-
decrypt-md5-hashes

Rivest, R. (1992, April). rfc1321. Network Working Group. Retrieved from ietf:
https://tools.ietf.org/html/rfc1321

Sabari. (2011, february 16). Retrieved from stackexchange:

http://breakthesecurity.cysecurity.org/2011/02/introduction-to-cracking-md5-encryption-
breaking-the-hash-functions.html

Group Members
Pemphero Chiutsi [BIS/14/NE/003]
Francis Ganya [BIS/14/NE/004]
Johns Kumchenga [BIS/14/NE/016]
Jessica Mbeye [BIS/14/NE/023]