WHAT IS MD5? This directory contains source code for the MD5 message-digest algorithm. Essentially, MD5 reads data and calculates a cryptographic "checksum" that is, as far as anyone knows today, very hard to duplicate. Just as traditional checksums are used to gain confidence that a file has not been accidentally modified, say when transmitted over a phone line, MD5 is used to gain confidence that a file has not been *intentionally* modified, say to install a Trojan horse. "Very hard" in this case means that currently no one knows how to modify an arbitrary file without changing its MD5 checksum. Researchers continues to try, of course, and are making some progress towards the eventual goal of "breaking" MD5, but it is still considered quite strong enough for most uses. If the data you are protecting is highly valuable then, as always, you should enlist the services of a competent cryptographer to identify the precise risks from using this or any other cryptographic algorithm. MD5.tar.Z is a compressed tar file of all the other files in this directory. IS MD5 PATENTED? DO I NEED A LICENSE TO USE IT? "No" and "no". "md5-announcement.txt" is the announcement from RSA Data Security that MD5 is being placed in the public domain for free general use. Anyone may write a program implementing the MD5 algorithm for any purpose. RSA has written a reference implementation which is the source code in this directory. This source code is copyrighted by RSA. Here are the few copyright restrictions *with using this source code*. There is no restriction on any code which implements MD5 that you write yourself. > Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All > rights reserved. > > License to copy and use this software is granted provided that it > is identified as the "RSA Data Security, Inc. MD5 Message-Digest > Algorithm" in all material mentioning or referencing this software > or this function. > > License is also granted to make and use derivative works provided > that such works are identified as "derived from the RSA Data > Security, Inc. MD5 Message-Digest Algorithm" in all material > mentioning or referencing the derived work. > > RSA Data Security, Inc. makes no representations concerning either > the merchantability of this software or the suitability of this > software for any particular purpose. It is provided "as is" > without express or implied warranty of any kind. > > These notices must be retained in any copies of any part of this > documentation and/or software. WHY ARE THESE FILES HERE? WHAT CHANGES HAVE YOU MADE? "rfc1321.txt" is the RFC that describes in detail the MD5 message-digest algorithm. (MD2 is described in RFC1319 and MD4 in RFC1320.) Unfortunately, the text is formatted for printing so is not directly compilable (due to page numbers, etc.). Years ago, to encourage the use of MD5, I collected these files into a form that could easily be compiled. Because one intended use of MD5 is to help detect modified code, I intentionally made as few modifications to the original code in the RFC as possible so that it could be easily compared to the RFC. There are now other more efficient versions of MD5 available from other sources and I have taken the liberty to incorporate a few selected modifications as described below. The *.[ch] files were taken directly from RFC 1321. Since the RFC did not include a makefile, I wrote a simple one to build and test the md5 executable. Run "make" to just make the MD5 binary or "make test" to make and test it. There is a typo in the RFC Appendix A.4 (mddriver.c). Line 20 sets MD to "MD5" by default, but the code wants MD to be set to one of "2", "4", or "5". I put a -DMD=5 in the Makefile to mask this problem so that that portion of the code itself remains unchanged from what is in RFC 1321. Ric Anderson, ric@Artisoft.COM, provided a bug fix to the timing test code that caused a divide by zero aborts on a Sun sparc station-10 running solaris 2.3. This fix just corrects only a problem with the timing tests; no change to the code that implements the actual checksum has been made. Ric has also provided a man page - "md5.1". A postscript version of this man page is in "md5.1.ps" and a text version in "md5.1.txt". Larry Schwimmer (schwim@cyclone.stanford.edu), Gyula Szokoly (szgyula@skysrv.Pha.Jhu.EDU), and others sent in fixes to global.h and mddriver.c so that it would work under OSF/1 and on 64-bit architecture machines. On these machines, a "long" is not 4 bytes so the #define for UINT4 needs to be "int" instead of "long int". WHAT ABOUT EXPORT CONTROL? A question I am often asked is whether or not MD5 can be exported from the United States. This is an understandable concern given the export debate in this country. The answer is, happily, "yes". Here is the explanation from the US Department of State with a reference for those whose lawyers require checking such things: "... MD-5, N-HASH, and SHS are 'hashing routines' that perform a data authentication function and, by themselves, are not controlled for export under the ITAR because cryptographic software that is solely limited to a data authentication function is excluded from Category XIII(b) of the United States Munitions List. See 22 C.F.R. Section 121.1 XIII(b)(vi)." Source: Karn v. US Department of State, "JOINT STATEMENT OF FACTS NOT IN DISPUTE", Civ. A. No. 95-1812(CRR), US District Court for the District of Columbia. Enjoy! -- Jim Ellis (jte@cert.org) March 1998