In information security, message authentication is an essential technique to verify that received messages come from the alleged source and have not been altered. A key element of authentication schemes is the use of a message authentication code (MAC). One technique to produce a MAC is based on using a hash function and is referred to as an HMAC. Message Digest 5 (MD5) is one of the algorithms, which has been specified for use in Internet Protocol Security (IPSEC), as the basis for an HMAC. The input message may be arbitrarily large and is processed in 512-bit blocks by executing 64 steps involving the manipulation of 128-bit blocks. There is an increasing interest in high-speed cryptographic accelerators for IPSEC applications such as Virtual Private Networks. It is reasonable to construct cryptographic accelerators using hardware implementations of HMACs based on a hash algorithm such as MD5. Two different architectures, iterative and full loop unrolling of MD5 have been implemented using Field Programmable Gate Arrays (FPGAs).
Hash functions compress a string of arbitrary length to a string of fixed length. They provide a unique relationship between the input and the hash value and hence replace the authenticity of a large amount of information (message) by the authenticity of a much smaller hash value (authenticator). In recent years there has been an increased interest in developing a Message Authentication Code (MAC) derived from ahash code. Among the many reasons behind this are that cryptographic hash functions such as MD5 and SHA-1 generally execute faster in software than symmetric block ciphers such as DES. The software for hash functions is widely available and there are no export restrictions from the United States or other countries for cryptographic hash functions. Hence, there are many applications of MD5, SHA-1 and other hash functions to generate MACs. The method to implement the MAC for IP security has been chosen as hash-based MAC or HMAC, which uses an existing hash function in conjunction with a secret key. The HMAC algorithm is specified for an arbitrary FIPS-approved cryptographic hash function. With minor modification, HMAC can easily replace one hash function with another.
Message Digest 5 (MD5) Algorithm
MD5 is a message digest algorithm developed by Ron Rivest at MIT. It is basically a secure version of his previous algorithm, MD4 which is a little faster than MD5. This has been the most widely used secure hash algorithm particularly in Internet-standard message authentication. The algorithm takes as input a message of arbitrary length and produces as output a 128-bit message digest of the input. This is mainly intended for digital signature applications where a large file must be compressed in a secure manner before being encrypted with a private (secret) key under a public key crypto system. Assume we have an arbitrarily large message as input and that we wish to find its message digest. The processing involves the following steps.
The message is padded to ensure that its length in bits plus 64 is divisible by 512. That is, its length is congruent to 448 modulo 512. Padding is always performed even if the length of the message is already congruent to 448 modulo 512. Padding consists of asingle 1-bit followed by the necessary number of 0-bits.
(2) Appending length
A 64-bit binary representation of the original length of the message is concatenated to the result of step (1). (Least significant byte first). The expanded message at this level will exactly be a multiple of 512-bits.