Magic Numbers in MD5
I am curious where some of the magic numbers in MD5 originated. First, we have the four chaining variables, A, B, C, and D which are initialized with apparently random numbers. Are they as random as they look, or are they carefully chosen? Second, we have the t_i values. Schneier's first edition says this: "In step i, t_i is the integer part of 4294967296xabs(sin(i)), when i is in radians. (Note that 4294967296 is 2^32.)" Does abs(sin()) have some properties that are especially conducive to strengthening MD5 or is it just a function to generate mildly random numbers? If the latter, wouldn't the algorithm be stronger if it was used with completely random numbers? Peter Hendrickson ph@netcom.com
-----BEGIN PGP SIGNED MESSAGE----- On Fri, 13 Dec 1996, Peter Hendrickson wrote:
I am curious where some of the magic numbers in MD5 originated.
First, we have the four chaining variables, A, B, C, and D which are initialized with apparently random numbers. Are they as random as they look, or are they carefully chosen?
Random? A = 0x01234567 B = 0x89abcdef C = 0xfedcba98 D = 0x76543210
Second, we have the t_i values. Schneier's first edition says this:
"In step i, t_i is the integer part of 4294967296xabs(sin(i)), when i is in radians. (Note that 4294967296 is 2^32.)"
Does abs(sin()) have some properties that are especially conducive to strengthening MD5 or is it just a function to generate mildly random numbers? If the latter, wouldn't the algorithm be stronger if it was used with completely random numbers?
I am not sure of the properties of abs(sin()). I know that the S-boxes in Blowfish are initialized with pi. I would guess that the purpose of using such values is to use easily generated pseudo-random numbers. Mark - -- finger -l for PGP key PGP encrypted mail prefered. 0xf9b22ba5 now revoked -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQEVAwUBMrMD/SzIPc7jvyFpAQEA7gf9HAtV1Vy+3LO5OPOHyU9ZHoath32LhAwU PzODS/YJsY9fVxaMHOm15oL9D4CX2D5s/Y9cgrALG6pGzw4dBWJZJyqNAcbmsjp/ B/jNL9jXKCXg1byIzplKSjJqDypLzIPf07xTIQVCC5IDmwZ7pR5owngH9MDaE8is aFiGZvuWNm7eHQg1kJSb40xQjkwszx+SP1Gv9+fvpys5GZLCTHwPx8SCpy7PXwNp lm8fgV9mjc7wZIpw73oqPZEb7Q3VHZUOUXS2i6XNF3UVXa4aykBg5VvALPt0tuvv ah5JjA6JP4STwSCj+HrnMpQJ8SCG4U3kKb54+WOl8H6eo7ekuEU8mw== =uNLG -----END PGP SIGNATURE-----
At 9:15 PM -0800 12/13/96, Peter Hendrickson wrote:
I am curious where some of the magic numbers in MD5 originated.
First, we have the four chaining variables, A, B, C, and D which are initialized with apparently random numbers. Are they as random as they look, or are they carefully chosen?
Second, we have the t_i values. Schneier's first edition says this:
"In step i, t_i is the integer part of 4294967296xabs(sin(i)), when i is in radians. (Note that 4294967296 is 2^32.)"
Does abs(sin()) have some properties that are especially conducive to strengthening MD5 or is it just a function to generate mildly random numbers? If the latter, wouldn't the algorithm be stronger if it was used with completely random numbers?
Peter Hendrickson ph@netcom.com
Perhaps random numbers would be stronger but they would not be manifestly random. MD5's formula for t_i precludes the possibility that the definer of MD5 chose the numbers accoriding to some undisclosed principles that would allow him a trap door. The following code computes the magic numbers without requiring trig functions: static word si[64]; static int md5init() {double c1=0.5403023058681397, s1 = 0.8414709848078965; int j; double a=1, b=0; for(j=0; j<64; ++j) {double p = a*c1 - b*s1, q = a*s1 + b*c1; a=p; b=q; {union{double d; struct{int high; int low;} fx;} z; z.d=(fabs(b)-1.1e-10)+1048576; si[j] = z.fx.low; }}} An alternative would have been to let t_i be MD4(i) or SHA(i). Using SHA to define MD5 would have required collusion between Rivest and NSA to allow for a trap door. Even then it would have been very difficult.
participants (3)
-
Mark M. -
Norman Hardy -
ph@netcom.com