An implementation of the MD5 Hashing algorithm for efficient password validation and security in Python.
This project was built using an algorithm reference provided by Comparitech (https://www.comparitech.com/blog/information-security/md5-algorithm-with-examples/) to manually implement the MD5 Hashing Algorithm in Python. This functionality not only provides an effective and safe way to validate passwords without conretely storing them on-site, but can also be modified to be used for other applications such as a randomized password generator.
For this project, the focus was placed on developing a login system that relies on the MD5 Hashing algorithm to construct a hash table of all accounts stored within the database and their respective hashes. Then, upon a user login attempt, the system validates the password by converting the inputted password to a hash and performing a comparison on this hash with the respective entry in the hash table.
The purpose of this project is to demonstrate the ability to one-way hash and validate passwords, making it severely challenging to maliciously reverse engineer a hash to a password in the case of a data leak. This is done by implementing the multi-layered and multi-round MD5 Hashing Algorithm that is deterministic but effective in protecting passwords by storing them indirectly.
Please note that some of the following diagrams are supplied by Comparitech, but I found them useful in guiding the logic of my algorithm and thereby desgined the functions in my code to modularize the problem based on the outline they provide. Thus, I have added how the diagrams translate to the different functions in the code as extra text boxes.
In the spirit of modularizing the algorithm, the following step-by-step brief leverages the different functions to break down the problem of hashing a password:
-
First, upon receiving a password input, the algorithm breaks it down into bits (a binary representation) using the functions in utils.py.
-
The algorithm then, depending on the length of the bit string, recursively constructs 512-bit block representations comprised of padded binary bit strings that make up the password. Such Block objects are then stored in an instantiated BlockCollection object, allowing us to traverse the blocks of bits in the next step.
- Next, the algorithm will create the MD5 initialization vectors A, B, C, and D. These vectors will go through four layers of the algorithm per block (denoted by the green box with the label "512-bit message block, M", this corresponds with the green block that will be inputted from the previous step).
Courtesy of Comparitech, function annotations added by me for greater clarity with respect to my Python implementation.
- Each of the layers in the above diagram involve performing a set of operations using a specified collection of K-constants, M-values (each is a word-length [32-bit] substring of the green block from earlier) and shift values from the constant shift map. Each layer will iterate precisely 16 times, feeding the A, B, C, and D vectors through the end of each iteration to the beginning of the next one (and when the layer is done, from the end of that layer to the beginning of the next one). The following is a zoom-in of one such layer:
Courtesy of Comparitech, function annotations added by me for greater clarity with respect to my Python implementation.
- Finally, after going through all the blocks and feeding the resultant A, B, C, and D vectors at the end of each block to the beginning of the process of the next one, the algorithm performs a wrap-up operation to put the vectors together into one, standardized 32-bit hash that is returned. The result? A one-way encrypted password that gets stored and can be accessed from a hash table for many applications, for instance a login database!
This brief overview explains the general structure of how the algorithm works. Within the code, each function is documented to support the description indicated in the Comparitech article. Please refer to the article link for a more in-depth description and the in-line and documentation comments in the code for support.
As previously mentioned, the MD5 Hashing Algorithm is effective in the realm of password validation, but also has other use cases. The login_system.py file is an example of a system that could implement the algorithm, but feel free to create new systems using the MD5 Hashing Algorithm as a base with the following import at the top of the Python file: import hash_main.