03-11-2013, 02:30 AM
(03-10-2013, 04:42 PM)NeonFlash Wrote: Whatever is the size of input data, the 64 bit representation of the length will always be appended to the data.
32bit, there are not any 64bit words in MD5.
(03-10-2013, 04:42 PM)NeonFlash Wrote: padding with '1' followed by a sequence of 0's is only required if the length of input data (including 0x80 terminator) is not 448 bits, 960 bits and so on.
I'm not sure what you mean by this. The message is broken up in 16 32-bit words. If your message is only e.g. 128 bits in size, then the rest of the words are all 0, up to word 14. This is what we're taking advantage of.
(03-10-2013, 04:42 PM)NeonFlash Wrote: for any data size greater than 55 bytes, we need a multi block implementation?
Yes, correct.
(03-10-2013, 04:42 PM)NeonFlash Wrote: you mentioned that if size of input data is 16 bytes (15 bytes + 0x80 terminator), then the padding is not required?
1. we don't need to pad with 1 and 0's to bring the length upto 448 bits as required by the design?
2. we don't need to pad the length of input data (16 bytes)?
For any length < 55 bytes the padding is not required, because we can simply optimize out any operations on the null words. But if we optimize for length 15 and only have 8 bytes of input, then we do need to do a bit of padding (just 7 bytes.)
(03-10-2013, 04:42 PM)NeonFlash Wrote: Or does it mean the following:
w[0] - 1st 32 bit word of our input data
w[1..3] - 2nd, 3rd and 4th 32 bit words of input data
0x80 byte will be stored in w[3]
Yes. w[0] holds chars 1-4, w[1] holds 5-8, w[2] holds 9-12, w[3] holds 13-15 plus 0x80. w[14] holds the actual length of the input data.
(03-10-2013, 04:42 PM)NeonFlash Wrote: Now, we need to append the bit 1 followed by 0's till length comes upto 448 bits.
Nope, this is what we're optimizing out. We don't need to pad, and we don't need to operate on the padded data.
(03-10-2013, 04:42 PM)NeonFlash Wrote: now, from the C implementation of MD5 as mentioned on wiki (http://en.wikipedia.org/wiki/MD5)
This probably wouldn't be best implementation to study for password cracking, as this a full, un-optimized, multi-block implementation.
(03-10-2013, 04:42 PM)NeonFlash Wrote: b = b + LEFTROTATE((a + f + k[i] + w[g]), r[i]);
we are saving on the addition of w[g] (for the values of g from 5 to 13)
in each round, we are saving 9 ADD instructions
so a total of 9*4 = 36 ADD instructions are saved.
Yes, we optimize out the addition of w[g] in this example, but actually for w[4] - w[13], for a total of 40 ADDs eliminated.