I needed some MD5 hashing routines a few days ago for my tiny POP3 mail program that I'm working on (for MD5 authentication), and searched around here and on the internet and found nothing but needless bloat. I don't need much speed for what I'm doing so I wrote this with size in mind, although compared to other implementations it's still fast. Hope you all can make use of it.

The source file, .h and .inc include files for C and ASM, and a working LIB file is included in the download. See readme.txt or one of the include files for notes on how to use it.

Feel free to offer suggestions on how to make it smaller. ;D
Posted on 2003-07-20 22:34:19 by iblis
I was just thinking, "Gee it would be nice to have a good hashing function"... and voila!

This is great work Iblis! Very clean and well written. Your source is soooo pretty to look at too <lol>


I have a general idiots question tho, how likely is two keys to generate the same hash code? (I dont know anything about the MD5 spec). To safely use this routine for hashing strings etc., would i need to build a linked list type hashing table to ensure i can safely access the right data with a hash code?? Or can i trust that two different keys will give two different hash codes... (Sorry if this is a dumb question. I havent dealt with hash tables in years).

:NaN:
Posted on 2003-07-20 23:08:12 by NaN
Hi NaN, thanks ;)



how likely is two keys to generate the same hash code?
I don't think it's very likely at all, although as with any hashing method, there is still a chance. But MD5 was designed to produce very sensitive hashes. If you change even one bit in the data stream, you'll see evidence of this.



To safely use this routine for hashing strings etc., would i need to build a linked list type hashing table to ensure i can safely access the right data with a hash code??
I guess that depends on how big your hash table is and how much data you plan to put in it, since you must take the hash_code modulo table_size to produce the table index. It's always a good idea to have some mechanism for handling collisions.


MD5 is typically used for checking data integrity and such. I don't think it's used much as a hashing function for hash tables, although there's no reason why it can't be. ;) But if you want lightning fast speed you're probably better of with some other hashing method.
Posted on 2003-07-21 00:06:07 by iblis
1 Executive Summary
This document describes the MD5 message-digest algorithm. The algorithm takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input. It is conjectured that it is computationally infeasible to produce two messages having the same message digest, or to produce any message having a given prespecified target message digest. The MD5 algorithm is intended for digital signature applications, where a large file must be "compressed" in a secure manner before being encrypted with a private (secret) key under a public-key cryptosystem such as RSA.


Well this seem kinda confident in it ;) . One more question. What the Heck in RSA? (and dont say "public key cryptosystem" <lol>.

:NaN:
Posted on 2003-07-28 23:33:24 by NaN
Posted on 2003-07-29 01:00:05 by iblis
Very well written code! Thanks for sharing!
Posted on 2003-07-29 01:45:14 by bazik
Hi Iblis.

Great code!
I will port it to FASM these days. ( Without changing your name of course
:grin: )
Posted on 2003-07-29 02:01:13 by JohnFound
Hi Bazik, JohnFound. Thank you both.

Feel free to port it to FASM, and when you do, be sure to let me know. :)
Posted on 2003-08-24 20:41:38 by iblis
Can you post the download again please. I'm looking for MD5 hash now too.

Thanks.
Posted on 2005-02-08 08:33:59 by V Coder
Don't use MD5 it's not secure. Find another alternative.
Posted on 2005-02-08 12:06:07 by mark_larson
Not much else you can do if you use, what is it, APOP? authentication with pop3, since that's what the standard dictates. It should be enough for that kind of auth anyway, as what you have to send back to the server is MD5(random_server_string+the_password) - ie, there's a dynamic factor here, it's not like bruteforcing a unix passwd :)
Posted on 2005-02-08 18:19:31 by f0dder
Actually, I'm just looking for any easily implementable 128 bit hash. Not for security. I will hash a long number and then sort the hash in an array, searching for collisions with binary search.

Actually I'm also looking for an iterative, not recursive, binary search tree algorithm.
Posted on 2005-02-08 20:35:12 by V Coder
I was part of a distributed project that was trying to show that MD5 is insecure due to collisions. After we had been up and running for 4 months, some researchers could generate a collision a 100% the time with MD5 in an hour using an algorithm. That's a problem. Second since they were able to so easily generate a collision, it would not surprise me if they eventually will be able to get the unencrypted password. So MD5 has been declared insecure. And if you are going to use it, you never send a password that has been hashed with MD5 over the network. If you have to send a password over the network use something else to encrypt it.
Posted on 2005-02-09 11:29:21 by mark_larson
(in the context of POP3 email servers using APOP authentication)
Verifying that you have a collision requires you to test the md5sum, right? So in that case, you would have to hammer the server with generated MD5s. Good servers block if you hammer. Also, you only get *one* chance of getting it right, next time you you try the random generated string prepended to the password is different, so it's a different MD5 you'd have to send.

So, while I definitely wouldn't use MD5 for a password database, it should be safe enough for this kind of auth'ing.
Posted on 2005-02-09 11:37:19 by f0dder
Phew.  It's been months since I've been back to Win32ASM.  Hi everyone ;)

I don't know what happened to the old library files I uploaded, but as I have had multiple requests for it in my PM inbox, I managed to relocate it on an old backup CD I burnt, so here it is.  Enjoy.
Attachments:
Posted on 2005-04-21 14:42:43 by iblis
Hey iblis, long time no see - nice to see you again! :)

The board's been hacked a couple of times and stuff, I think all attachments were wiped out :/
Posted on 2005-04-21 15:08:00 by f0dder
Hey f0dder.

That sucks.  I guess PHPBB had some pretty bad security holes?
And what happened to the domain?
Posted on 2005-04-21 17:09:45 by iblis
*very* bad security holes indeed, and new ones all the time :)

The domain works fine, I think the reason we see the IP so often is because of a configuration issue, or perhaps reverse DNS.
Posted on 2005-04-21 17:12:22 by f0dder
For the record, I've just used this lib in yet another project, it's gold as far as I am concerned  8)
Posted on 2006-10-08 06:40:27 by Homer
Hey, iblis
is it right?
input:abc
hash:8faae823bba223c561ea7008dee23464
include MD5.inc
includelib MD5.lib

.const
IDC_ABOUT equ 101
IDC_EDITTEXT equ 102
IDC_EDITHASH equ 103
IDD_DIALOG equ 100
IDI_ICON equ 200

MAXSIZE equ 260

.data
bfBuffer db MAXSIZE dup (0)
szAboutCaption db 'about md5hasher',0
szAboutText db 'md5hasher',13,10,'by Greg Hoyer aka iblis',13,10,'7-20-2003',0

.data?
hInstance HINSTANCE ?
ctxt MD5CTXT <>
hash MD5HASH <>
strn db 33 dup(?)  ; use dw for unicode

.code

DlgProc proc uses ebx EDX edi esi hWnd:HWND,uMsg:UINT,wParam:WPARAM,lParam:LPARAM

.if uMsg==WM_INITDIALOG
invoke LoadIconA,hInstance,IDI_ICON
invoke SendMessageA,hWnd,WM_SETICON,1,eax
invoke SendDlgItemMessageA,hWnd,IDC_EDITTEXT,WM_SETTEXT,0,0
.elseif uMsg==WM_CLOSE
invoke EndDialog,hWnd,0
.elseif uMsg==WM_COMMAND
mov eax,wParam
mov edx,wParam
shr edx,16
.if edx==BN_CLICKED
.if ax==IDC_ABOUT
invoke MessageBoxA,hWnd,addr szAboutText,addr szAboutCaption,MB_OK or MB_ICONASTERISK
.endif
.elseif edx==EN_CHANGE
.if ax==IDC_EDITTEXT
invoke GetDlgItemText,hWnd,IDC_EDITTEXT,offset bfBuffer,MAXSIZE
invoke MD5_Startup
invoke MD5_Init, offset ctxt
invoke MD5_Read, offset ctxt, offset bfBuffer, SIZEOF bfBuffer
invoke MD5_Digest, offset ctxt, offset hash
invoke MD52String, offset hash, offset strn, 0
invoke SendDlgItemMessage,hWnd,IDC_EDITHASH,WM_SETTEXT,0,offset strn
.endif
.endif
.else
mov eax,FALSE
ret
.endif
mov eax,TRUE
ret

DlgProc endp

start:
invoke GetModuleHandle,0
mov hInstance,eax

invoke DialogBoxParam,hInstance,IDD_DIALOG,0,addr DlgProc,0
invoke ExitProcess,eax

end start

#include </masm32/include/resource.h>

100 DIALOGEX MOVEABLE PURE LOADONCALL DISCARDABLE 117, 108, 208, 41, 0
STYLE DS_SYSMODAL | 0x0004 | DS_CENTER | WS_CAPTION | WS_SYSMENU | WS_VISIBLE | WS_OVERLAPPED
CAPTION "md5 hasher"
FONT 8, "MS Sans Serif", 700, 0 /*FALSE*/
BEGIN
    EDITTEXT        102, 24,2,182,12, ES_AUTOHSCROLL | ES_LEFT, , 0
    EDITTEXT        103, 24,14,182,12, ES_AUTOHSCROLL | ES_READONLY | ES_LEFT, , 0
    PUSHBUTTON      "&about", 101, 168,28,38,13, 0, , 0
    LTEXT          "text :", -1, 6,3,17,9, SS_LEFT, , 0
    LTEXT          "hash :", -1, 2,15,21,8, SS_LEFT, , 0
END

200 ICON MOVEABLE PURE LOADONCALL DISCARDABLE "xxx.ICO"
Posted on 2006-10-08 09:11:24 by dcskm4200