Message Authentication and MD5 hashing
The Unix operating systems are widely known to use a hashed value for
password authentication. The passwd file contains user password codes
that are generated by taking the user's password (text) and passing it
through a one-way mathematical function, thus giving the hashed password
code. This code is a combination of letters, numbers, and symbols (ASCII)
that cannot be run backwards through the function (known or unknown)
to arrive at the original text. This is useful so that system users can
use their usual and personal passwords without worrying about system
administrators knowing their "favorite" password for other systems or
personal bank accounts, etc. The other obvious advantage is that the
password cannot be obtained by someone who intends to compromise the
system.
A popular algorithm for hashing passwords (or other data structures) is the
MD5 algorithm. This algorithm will read a data structure and generate a code
that is unique to that data structure (a fingerprint). For people with access
to Unix or Linux machines, one can use the 'md5sum' program. The complete
usage of the md5sum program is beyond the scope of this document; however,
one can obtain full usage information from the md5sum manual
(% man md5sum).
If you are interested in seeing how a password is hashed, you can open an
editor, type a password or passphrase, save the file, and hash it with the
md5sum program. The fingerprint or hash output of the program would be the
equivalent of what would be in the passwd (or shadow) file. You can then
duplicate this action by typing out the same password and piping it to the
md5sum program.
To output a file:
% md5sum passfile
To pipe the password:
% echo "This is my passphrase" | md5sum -
Message authentication can be accomplished with the md5sum program. It is
obviously more trouble than the public key authentication system but is
nearly equivalent when you consider the process of authenticating public
key fingerprints; the main difference is that the public key fingerprint
verification process is a one-time process.
To use md5sum for message authentication, you would open your editor, type
the letter, save as a file, and then get a fingerprint of the file with
md5sum. Once the recipient has received the letter (or file), they would get a
fingerprint of the file on their machine with md5sum, call you and verify
the fingerprint.
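The sender and recipient steps described above, as an added shell example that is not part of the original document. The file names, the sample letter and the helper functions fingerprint, piped_fingerprint and verify_message are assumptions made for illustration, and md5sum from GNU coreutils is assumed to be installed.

```shell
#!/bin/sh
# Added example: fingerprint check between sender and recipient.
# All file names and the sample letter are constructed for illustration.

# Print only the hex digest of a file (md5sum prints "digest  filename").
fingerprint() {
    md5sum "$1" | cut -d ' ' -f 1
}

# Digest of text piped in with echo, as in the "pipe the password" command.
piped_fingerprint() {
    echo "$1" | md5sum - | cut -d ' ' -f 1
}

# Recipient side: succeed only if the file's digest equals the digest
# the sender read out over the phone.
verify_message() {
    [ "$(fingerprint "$1")" = "$2" ]
}

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# Sender: save the letter and take its fingerprint.
printf 'Meet at noon.\n' > "$workdir/letter.txt"
sent_fp=$(fingerprint "$workdir/letter.txt")
echo "sender fingerprint: $sent_fp"

# Recipient: one intact copy, one copy altered in transit.
cp "$workdir/letter.txt" "$workdir/received.txt"
printf 'Meet at nine.\n' > "$workdir/tampered.txt"

for f in received.txt tampered.txt; do
    if verify_message "$workdir/$f" "$sent_fp"; then
        echo "$f: fingerprint matches"
    else
        echo "$f: fingerprint MISMATCH, do not trust this copy"
    fi
done

# echo appends a newline, so the piped text hashes the same as a file
# saved with a trailing newline; a file without one hashes differently.
printf 'Meet at noon.' > "$workdir/no_newline.txt"
echo "piped:      $(piped_fingerprint 'Meet at noon.')"
echo "no newline: $(fingerprint "$workdir/no_newline.txt")"
```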