Download Hash Functions and Message Digests: Concepts, Uses, and Algorithms (CS 4237) and more Exams Cryptography and System Security in PDF only on Docsity! 1 CS 4237 Hashes and Message Digests Hashes Hash is also called message digest One-way function: d=h(m) but no h’(d)=m Cannot find the message given a digest Cannot find m1, m2, where d1=d2 Arbitrary-length message to fixed-length digest Randomness any bit in the outputs ‘1’ half the time each output: 50% ‘1’ bits 2 Birthday Problem Compute probability of different birthdays Random sample of n people (birthdays) taken from k (365) days kn samples with replacement (k)n=k(k-1)…(k-n+1) sample without replacement Probability of no repetition: p = (k)n/kn ≈ 1 - n(n-1)/2k How Many Bits for Hash? m bits, takes 2m/2 to find two with the same hash 64 bits, takes 232 messages to search (doable) Need at least 128 bits 5 MD2 128-bit message digest: Arbitrary number of bytes of message First pad to multiple of 16 bytes Append MD2 checksum (16 bytes) to the end The checksum is almost a MD, but not cryptographically secure by itself. Process whole message MD2 Checksum One byte at a time, k × 16 steps mnk: byte nk of message cn=π(mnk ⊕ cn-1) ⊕ cn π : 0 → 41, 1 → 46, … Substitution on 0-255 (value of the byte) 6 MD2 Final Pass Operate on 16-byte chunks 48-byte quantity q: (current digest|chunk|digest⊕chunk) 18 passes of massaging over q, and one byte at a time: cn=π(cn-1) ⊕ cn for n = 0, … 47; c-1 = 0 for pass 0; c-1 = (c47 + pass #) mod 256 After pass 17, use first 16 bytes as new digest 16 × 8 = 128 MD5: Message Digest Version 5 input Message Output 128 bits Digest 7 MD5 Box Initial 128-bit vector 512-bit message chunks (16 words) 128-bit result F: (x∧y)∨(~x ∧ z) G:(x ∧ z) ∨(y ∧~ z) H:x⊕y⊕ z I: y⊕(x ∧ ~z) +: binary sum x↵y: x left rotate y bits MD5: Padding input Message Output 128 bits Digest Padding512 bit block Initial Value 1 2 3 4 Final Output MD5 Transformation block by block 10 Different Passes... Different functions and constants are used Different set of mi is used Different set of shift amount is used Functions and Random Numbers F(x,y,z) == (x∧y)∨(~x ∧ z) selection function G(x,y,z) == (x ∧ z) ∨(y ∧~ z) H(x,y,z) == x⊕y⊕ z I(x,y,z) == y⊕(x ∧ ~z) Ti = int(232 * abs(sin(i))), 0<i<65 11 Secure Hash Algorithm Developed by NIST, specified in the Secure Hash Standard (SHS, FIPS Pub 180), 1993 SHA is specified as the hash algorithm in the Digital Signature Standard (DSS), NIST General Logic Input message must be < 264 bits not really a problem Message is processed in 512-bit blocks sequentially Message digest is 160 bits SHA design is similar to MD5, but a lot stronger 12 Basic Steps Step1: Padding Step2: Appending length as 64 bit unsigned Step3: Initialize MD buffer 5 32-bit words A|B|C|D|E A = 67452301 B = efcdab89 C = 98badcfe D = 10325476 E = c3d2e1f0 Basic Steps... Step 4: the 80-step processing of 512-bit blocks – 4 rounds, 20 steps each. Each step t (0 <= t <= 79): Input: Wt – a 32-bit word from the message Kt – a constant. ABCDE: current MD. Output: ABCDE: new MD.