請用此 Handle URI 來引用此文件:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/26232完整後設資料紀錄
| DC 欄位 | 值 | 語言 |
|---|---|---|
| dc.contributor.advisor | 陳俊良(Chuen-Liang Chen) | |
| dc.contributor.author | Chih-Shun Chen | en |
| dc.contributor.author | 陳志順 | zh_TW |
| dc.date.accessioned | 2021-06-08T07:03:36Z | - |
| dc.date.copyright | 2009-02-03 | |
| dc.date.issued | 2009 | |
| dc.date.submitted | 2009-01-22 | |
| dc.identifier.citation | 1. R. Rivest, “The MD5 Message-Digest Algorithm,” Network Working Group, Request for Comments 1321, April 1992.
2. Xiaoyun Wang and Hongbo Yu, “How to break ND5 and other hash functions,” EUROCRYPT 2005. LNCS, vol. 3494, Springer, 2005, pp. 19-35. 3. John Black, Martin Cochran and Trevor Highland, “A Study of the MD5 Attacks: Insights and Improvements,” Fast Software Encryption 2006. LNCS, vol. 4047, Springer, 2006, pp. 262-277. 4. Vlastimil Klima, “Finding MD5 collisions on a notebook PC using multi-message modifications,” Cryptology ePrint Archive, Report 2005/102, 2005, http://eprint.iacr.org/2005/102. 5. M.M.J. Stevens, “On Collisions For MD5,” Master’s thesis, Eindhoven University of Technology, 2007. 6. Stallings, W., “Cryptography and Network Security: Principles and Practice,” Third edition, Prentice Hall, 2003. 7. Damgard, I. B., “A design principle for hash functions,” Advance in Cryptology, Crypto’89 Proceedings, Springer-Verlag, 1990. 8. Dobbertin, H., “Cryptanalysis of MD5 compress,” presented at the rump session of Eurocrypt’96. | |
| dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/26232 | - |
| dc.description.abstract | 赫序函數將任意長度的資訊壓縮成一固定長度的訊息摘要,產生類似「指紋」的效用,以驗證原始訊息是否遭到更動或防止來源/目的端的否認,其應用涵蓋數位簽章、訊息認證、電子商務、線上金融交易與通行密碼等領域。
現今應用最廣泛的赫序函數是MD5與SHA-1,兩者都是美國國家標準與技術研究院所認可的赫序函數。山東大學的王小雲教授於2004年8月在美洲密碼年會(Crypto’2004)中發表破解MD5報告[2],又於2005年2月RSA年會由密碼大師A.Shamir宣布找到了SHA-1的安全漏洞,在密碼學及資訊安全界造成了極大的震撼。 王小雲破解MD5係使用差分攻擊法,並提供找到碰撞所需之明文及中間值的差異條件,符合這些條件即可產生碰撞。至於這些碰撞條件是如何建立的?論文中並未說明,目前學界也並未針對此問題加以探討,然這卻是王小雲破解MD5的關鍵技術所在。 在本篇論文中,我們深入研究MD5赫序函數的性質與邏輯,並發現其弱點;然後分析王小雲破解MD5的方法,進而研獲碰撞條件建立的原因,並逐步推導,所獲結果與王小雲的結果幾乎一樣,足資印證我們的論點;最後,我們針對王小雲破解MD5方法提出反制之道,俾供研發新一代更安全的赫序函數參考。 | zh_TW |
| dc.description.abstract | Hash functions are used to compress variable-length message into a fix-length message digest, similar to finger-print, for the purpose of verifying the original message is changed or not and preventing denied by sender or receiver. Hash functions have been applied in digital signature, message authentication, electrical commercial, on-line financial transaction, password and so on.
Nowadays the most well-known hash functions are MD5 and SHA-1 which both are ANSI-standards. Professor Xiaoyun Wang of Shandong University, China announced report of breaking MD5[2] in Crypto 2004. Then A.Shamir announced weakness of SHA-1 for Wang in RSA 2005. Both events established milestones in cryptology and information security. To break MD5, Wang makes use of differential attack and offers necessary collision conditions for plain and middle parameter values. As for these conditions, Wang didn’t mention how they were deduced, neither did other scholars. Nevertheless it is the key technology of breaking MD5. In this paper, the algorithm and weakness of MD5 are presented. Then Wang’s method of breaking MD5 and reasons of collision conditions are given. Finally, a solution to resist Wang’s attack is proposed to add to the guidelines of designing more secure next-generation hash functions. | en |
| dc.description.provenance | Made available in DSpace on 2021-06-08T07:03:36Z (GMT). No. of bitstreams: 1 ntu-98-P93922006-1.pdf: 1020680 bytes, checksum: e0808b754a473ffc0c09014bd6f3bec1 (MD5) Previous issue date: 2009 | en |
| dc.description.tableofcontents | 口試委員會審定書 ………………………………… i
誌謝 ………………………………………………… ii 中文摘要 ……………………………………………iii 英文摘要 …………………………………………… v 第一章 MD5赫序函數簡介 1 第一節 赫序函數的簡介 1 第二節 MD5的背景說明 2 第三節 MD5的函數邏輯 3 第二章 如何找出MD5的碰撞 13 第一節 生日攻擊法 13 第二節 中間相遇攻擊法 13 第三節 差分分析法 14 第四節 王小雲MD5碰撞方法 14 第三章 王小雲破解MD5關鍵技術的突破 17 第一節 王小雲破解MD5的關鍵技術 17 第二節 推導論文表3、4第1、2回合的條件 19 第三節 推導論文表3、4第3、4回合的條件 27 第四節 推導論文表5、6及兩個BLOCKS的碰撞 37 第四章 MD5被王小雲破解之弱點與反制之道 41 第五章 結論 44 參考文獻 46 | |
| dc.language.iso | zh-TW | |
| dc.subject | 差分攻擊 | zh_TW |
| dc.subject | 赫序函數 | zh_TW |
| dc.subject | 雜湊函數 | zh_TW |
| dc.subject | 王小雲 | zh_TW |
| dc.subject | 碰撞 | zh_TW |
| dc.subject | 破解 | zh_TW |
| dc.subject | collision | en |
| dc.subject | Differential Attack | en |
| dc.subject | Xiaoyun Wang | en |
| dc.subject | MD5 | en |
| dc.subject | hash function | en |
| dc.title | 破解赫序函數MD5關鍵技術之探究 | zh_TW |
| dc.title | The Research of Key Technology in Breaking MD5 Hashing Function | en |
| dc.type | Thesis | |
| dc.date.schoolyear | 97-1 | |
| dc.description.degree | 碩士 | |
| dc.contributor.oralexamcommittee | 雷欽隆(Chin-Laung Lei),黃俊穎(Chun-Ying Huang) | |
| dc.subject.keyword | 赫序函數,雜湊函數,王小雲,碰撞,破解,差分攻擊, | zh_TW |
| dc.subject.keyword | Xiaoyun Wang,MD5,hash function,collision,Differential Attack, | en |
| dc.relation.page | 46 | |
| dc.rights.note | 未授權 | |
| dc.date.accepted | 2009-01-22 | |
| dc.contributor.author-college | 電機資訊學院 | zh_TW |
| dc.contributor.author-dept | 資訊工程學研究所 | zh_TW |
| 顯示於系所單位: | 資訊工程學系 | |
文件中的檔案:
| 檔案 | 大小 | 格式 | |
|---|---|---|---|
| ntu-98-1.pdf 未授權公開取用 | 996.76 kB | Adobe PDF |
系統中的文件,除了特別指名其著作權條款之外,均受到著作權保護,並且保留所有的權利。