W3C MD5 Hash Algorithm - Version 1.0


This document provides an overview of the Message Digest 5, and details how a MD5 digest is encoded in a Resource Reference Information Extension, providing the digest of a referenced web resource.

Status of this Document

This document is part of the DSig 1.0 Recommendation. It has been reviewed by W3C Members and other interested parties and has been endorsed by the Director as a W3C Recommendation. It is a stable document and may be used as reference material or cited as a normative reference from another document.

Last updated: 1998-05-27T18:31:36Z

Overview

This hash algorithm is identified by the URL

http://www.w3.org/TR/1998/REC-DSig-label/MD5-1_0

The hash algorithm is defined in

The MD5 Message Digest Algorithm, R.L. Rivest, RFC 1321, April 1992

The MD5 algorithm (Message Digest 5) is a cryptographic message digest algorithm.

MD5 was designed by Ron Rivest, who is also the `R' in `RSA' in 1991. MD5 is described in rfc1321. C source code is included with the RFC. It is basically MD4 with "safety-belts" and while it is slightly slower than MD4, it is more secure. The algorithm consists of four distinct rounds, which have a slightly different design from that of MD4. Message-digest size, as well as padding requirements, remains the same. Den Boer and Bosselaers [B. den Boer and A. Bosselaers. Collisions for the compression function of MD5. In Advances in Cryptology - Eurocrypt '93, pages 293-304, Springer-Verlag, 1994.] have found pseudo-collisions for MD5 (see RSA FAQ Question 98), but there are no other known cryptanalytic results.

The MD5 algorithm takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input. It is conjectured that it is computationally infeasible to produce two messages having the same message digest, or to produce any message having a given prespecified target message digest. The MD5 algorithm is intended for digital signature applications, where a large file must be "compressed" in a secure manner before being encrypted with a private (secret) key under a public-key cryptosystem such as RSA or PGP.

For further information on MD5, see:


DSig 1.0 Encoding

All values are encoded using the standard base-64 representation of a byte-array containing the two's-complement representation of the value to encode. The first byte in this array is the high-order byte. The minimal number of bytes necessary is used to represent a certain value, so no leading zero-bytes are allowed.

The BNF below shows how a MD5 digest is encoded in a Resource Reference Information Extension.

resinfo-data      ::= '(' HashAlgoURL resource-hash hash-date*1 ')'
HashAlgoURL       ::= '"http://www.w3.org/TR/1998/REC-DSig-label/MD5-1_0"'
resource-hash     ::= '"base64-string encoding of 128 bit MD5 message
                        digest of the information resource."'
hash-date         ::= quoted-ISO-date 
quoted-ISO-date   ::= '"'YYYY'.'MM'.'DD'T'hh':'mmStz'"'
     based on the ISO 8601:1988 date and time standard, restricted
     to the specific form described here:
     YYYY ::= four-digit year
     MM   ::= two-digit month (01=January, etc.)
     DD   ::= two-digit day of month (01 through 31)
     hh   ::= two digits of hour (00 through 23) (am/pm NOT allowed)
     mm   ::= two digits of minute (00 through 59)
     S    ::= sign of time zone offset from UTC ('+' or '-')
     tz   ::= four digit amount of offset from UTC
           (e.g., 1512 means 15 hours and 12 minutes)
     For example, "1994.11.05T08:15-0500" is a valid quoted-ISO-date
     denoting November 5, 1994, 8:15 am, US Eastern Standard Time
     Note: The ISO standard allows considerably greater
     flexibility than that described here.  PICS requires precisely
     the syntax described here -- neither the time nor the time zone may
     be omitted, none of the alternate formats are permitted, and
     the punctuation must be as specified here.
base64-string     ::= as defined in RFC-1521.

hash-date is optional. There may be zero or one dates included here at the signer's behest.

The following example shows a valid MD5 resinfo extension with two MD5 hashes of the referenced information resource. The first without a date, the second with a date.

   extension
     ( optional "http://www.w3.org/PICS/DSig/resinfo-1_0.html"
                ( "http://www.w3.org/TR/1998/REC-DSig-label/MD5-1_0" "base64-hash" )
                ( "http://www.w3.org/TR/1998/REC-DSig-label/MD5-1_0" "base64-hash" 
                  "1997.02.05T08:15-0500" ) )

Copyright  ©  1998 W3C (MIT, INRIA, Keio ), All Rights Reserved. W3C liability, trademark, document use and software licensing rules apply.

Philip A. DesAutels, DSig Project Manager 8 Oct 1997