TIdHashMessageDigest5 is a
TIdHashMessageDigest descendant that implements the RSA-MD5 encryption algorithm as described in the Internet Standards document:
- RFC 1321 - The MD5 Message-Digest Algorithm (http://www.rfc-editor.org/rfc/rfc1321.txt)
TIdHashMessageDigest5 implements the MD5 algorithm used for digital signature applications, where a large file must be "compressed" in a secure manner before being encrypted with a private (secret) key under a public-key cryptosystem such as RSA. The RSA-MD5 algorithm takes an input message of an arbitrary length and produces a 128-bit "fingerprint" or "message digest" of the input.
The MD5 algorithm is an extension of the MD4 message-digest algorithm. MD5 is slightly slower than MD4, but is more "conservative" in design. MD5 exists to compensate for potential security holes that exist in MD4. The MD5 algorithm differs from MD4 in the following ways:
- A fourth round operation is added to the algorithm.
- Each step now has a unique additive constant.
- Rounding in second step of the algorithm has been made less symmetrical than it's MD4 predecessor.
- Each step accumulates the result of the previous step promoting an "avalanche effect".
- The input word order in rounds 2 and 3 is changed to make these patterns less predictable and repetitive.
- The shift amounts in each round have been approximately optimized, to yield a faster "avalanche effect." The shifts in each of the rounds is distinct.
TIdHashMessageDigest5 can be used in various cryptography implementations that require the RSA-MD5 algorithm. Some MD5 implementations are described in the following documents:
- RFC 1828 - IP Authentication using Keyed MD5 (http://www.rfc-editor.org/rfc/rfc1828.txt)
- RFC 1864 - The Content-MD5 Header Field (http://www.rfc-editor.org/rfc/rfc1864.txt)
- RFC 2082 - RIP-2 MD5 Authentication (http://www.rfc-editor.org/rfc/rfc2082.txt)
- RFC 2085 - HMAC-MD5 IP Authentication with Replay Prevention (http://www.rfc-editor.org/rfc/rfc2085.txt)
- RFC 2385 - Protection of BGP Sessions via the TCP MD5 Signature Option (http://www.rfc-editor.org/rfc/rfc2385.txt)
- RFC 2537 - RSA/MD5 KEYs and SIGs in the Domain Name System (DNS) (http://www.rfc-editor.org/rfc/rfc2537.txt)
The MD5 algorithm has been placed in the public domain.