How can I encrypt string using the MD5 method?

[shappen]

Is there a function to do this ?
with the string parameter,it return the encryption result of the string
?

 

[Walter Roberson]

Is there a function to do this ?
with the string parameter,it return the encryption result of the string

MD5 is not an encryption function: it is a hash function.

There are no encryption functions specified by the C standards.
No hash functions either.

There are a number of fairly portable MD5 libraries. See for example
http://sourceforge.net/projects/libmd5-rfc/

I had a look at the above code, and it looks to be fairly
standard C -- except that at one point it attempts to determine
whether the machine is "big endian" or "little endian" and it
appears to me at first look that the test done for that might perhaps
not be completely portable, perhaps failing on machines whose
short is the same size as int.

 

[shappen]

Thank you for reply!
In PHP there is a md5() function to do this and I think if there is an
equal function in C.
By the way,is there any better encryption method than MD5??

 

[Richard Heathfield]

(e-mail address removed) said:

Thank you for reply!
In PHP there is a md5() function to do this and I think if there is an
equal function in C.
By the way,is there any better encryption method than MD5??

MD5 is not an encryption method. It's a hashing method.

Whether one encryption method is "better" than another depends on what you
mean by "better". Faster? Easier key distro? More secure? ROT-26 is way
faster than AES. It's much easier to solve the key distribution problem for
AES than for OTP. OTP is vastly (infinitely?) more secure than ROT-26.

 

[shappen]

My better means more secure.
So as you say OTP may be the answer.
How can use it in C?Could you give me some advice?

 

[Richard Heathfield]

(e-mail address removed) said:

My better means more secure.
So as you say OTP may be the answer.

Unlikely, even though it is information-theoretically secure (which means
that, used properly, it is provably uncrackable).

How can use it in C?

void otp(unsigned char *o,
const unsigned char *i,
const unsigned char *k,
size_t len)
{
while(len--)
{
*o++ = *i++ ^ *k++;
}
}

Could you give me some advice?

In OTP, the key has to be as long as the message, completely random, and
never re-used. This leads to practical problems in key distribution which
render the OTP useless for many purposes. Having said that, for 100%
security it can't be beaten, which is why you used to see so many film
snippets in the 1970s where politicians visiting other countries would
always have a courier with them with a briefcase chained to his wrist. Ever
wonder what was in the briefcase? Key material!

 

[shappen]

You say the following is its main implementation:
void otp(unsigned char *o,
const unsigned char *i,
const unsigned char *k,
size_t len)
{
while(len--)
{
*o++ = *i++ ^ *k++;
}


}

?

 

[Richard Heathfield]

(e-mail address removed) said:

You say the following is its main implementation:
void otp(unsigned char *o,
const unsigned char *i,
const unsigned char *k,
size_t len)
{
while(len--)
{
*o++ = *i++ ^ *k++;
}


}

?

Yes. The OTP is a remarkably simple algorithm, and guaranteed uncrackable if
used correctly.

 

[Walter Roberson]

You say the following is its main implementation:

Please note, other people are not reading by threading newsreaders, or might
not have received the previous message yet, or the message might have
expired for them. [I've seen expiration times set as low as 4 hours
on some newsservers.] It is therefore best to include enough context
for people to know what you are talking about.

In this particular case, "its" does not have meaning without the
discussion context. The missing referant is that you are discussing
implementation of OTP (One Time Pads).

[You also left out the attribution, so we can't easily tell who
wrote the code you quoted.]

void otp(unsigned char *o,
const unsigned char *i,
const unsigned char *k,
size_t len)
{
while(len--)
{
*o++ = *i++ ^ *k++;
}
}

?

Yes, that is a complete and correct implementation of One Time Pad
encryption.

i is the input stream of bytes. i is -not- constrained to be a "string":
NUL bytes are acceptable input. Because of that, the length of the
input is passed in len.

k is the keying material. The key must be as long as the input. As the
previous poster remarked, you must not reuse the key material, or else
the security of your OTP is severely put at risk. The key must *not* be
from a "random number generator": it must be truly random, such as
from physically flipping coins millions of times, or from
radioactive decay. This randomness is important!!! Note: random NUL bytes
are acceptable in the key material, so k is not a "string" either.

o is the output buffer, which must be as long as the input. It is
possible for the encryption process to result in NUL bytes in places,
so s is not a "string" either.

The output really is just formed from the input xor'd with the key.
When the output is xor'd with the key, the result would be the
input back again. But first you have to get a copy of the key to
the recipient; that's what the other poster was referring to as
"key distribution".

 

[Walter Roberson]

In PHP there is a md5() function to do this and I think if there is an
equal function in C.

Not in the C standard, but you can find md5 code in several places
such as the one I referced.

PHP has gone through a number of versions; earlier versions did
not have md5(). C goes through very very few official versions.

PHP is expected to provide -all- of the functions defined for
its current version, and the functions that will be called upon
are not known until runtime, so PHP can end up being a largish
executable. C expects that you will link in only the functions
you need for a particular task, so C can end up with small fast
executables.

 

[Keith Thompson]

(e-mail address removed) said:


MD5 is not an encryption method. It's a hashing method.

Whether one encryption method is "better" than another depends on what you
mean by "better". Faster? Easier key distro? More secure? ROT-26 is way
faster than AES. It's much easier to solve the key distribution problem for
AES than for OTP. OTP is vastly (infinitely?) more secure than ROT-26.

Since nobody seems to have mentioned it yet, "OTP" stands for
"One-Time Pad".

None of this is really topical here. You might try sci.crypt -- but
read their FAQ first (if they have one) and read some of their
archives before posting.

And, of course, Google is your friend.

 

[SM Ryan]

# Is there a function to do this ?
# with the string parameter,it return the encryption result of the string
# ?

There are many functions to do this, but they vary based on your system.

 

[shappen]

Thank you for all replies.

Walter,I am sorry to do this (Please note, other people are not reading
by threading newsreaders, or might
not have received the previous message yet, or the message might have
expired for them. [I've seen expiration times set as low as 4 hours
on some newsservers.] It is therefore best to include enough context
for people to know what you are talking about.
In this particular case, "its" does not have meaning without the
discussion context. The missing referant is that you are discussing
implementation of OTP (One Time Pads).
[You also left out the attribution, so we can't easily tell who
wrote the code you quoted.])
I will be more careful about this.
Thank you !!!

 

[Keith Thompson]

Thank you for all replies.

Walter,I am sorry to do this (Please note, other people are not reading
by threading newsreaders, or might
not have received the previous message yet, or the message might have
expired for them. [I've seen expiration times set as low as 4 hours
on some newsservers.] It is therefore best to include enough context
for people to know what you are talking about.
In this particular case, "its" does not have meaning without the
discussion context. The missing referant is that you are discussing
implementation of OTP (One Time Pads).
[You also left out the attribution, so we can't easily tell who
wrote the code you quoted.])
I will be more careful about this.
Thank you !!!

We appreciate the attempt, but I'm afraid you're still doing it wrong.

If you want to post a followup via groups.google.com, don't use
the broken "Reply" link at the bottom of the article. Click on
"show options" at the top of the article, then click on the
"Reply" at the bottom of the article headers.

This will automatically quote the previous article and provide an
attribution line, all of it formatted properly. (Any decent
newsreader will do this by default; the folks at Google have
idiotically put this vital functionality in a hidden menu.)

 

[Daniel Rudy]

At about the time of 9/17/2005 9:33 PM, (e-mail address removed) stated the
following:

Is there a function to do this ?
with the string parameter,it return the encryption result of the string
?

As pointed out before, MD5 is a hashing algorithm. You can't really use
it for encryption because there is no way to get the data back once it's
hashed...hence the term one-way hash function. It's primary use is to
digitally "sign" things like programs, source code, documents, etc...
That's why when you download source code tarball files, the site also
publishes the MD5 signature to prove that the file was not tampered
with. The publisher generates the signature, and if you run MD5 on the
file, and they don't match, then the file was altered.

If you want encryption, you can use AES with an approperiate sized key
for your applications. Source code is available on the web. There is
also two-fish, blow-fish, RC2, RC4, RC5, idea, and whole slew of others.
I know that RC4 was broken.

Cryptography is off topic in this group. If you want more information
on the subject, then head over to sci.crypt. But, before you do, I
suggest that you read their FAQ here:
http://www.faqs.org/faqs/cryptography-faq/

HTH