Why Computer Security

- The past decade has seen an explosion in the concern for the security of information
- Malicious codes (viruses, worms, etc.) caused over $28 billion in economic losses in 2003 and $67 billion in 2006!

- The market for security specialists is expanding!
- “Salary Premiums for Security Certifications Increasing” (Computerworld 2007)
- Up to 15% more salary
- Demand is being driven not only by compliance and government regulation, but also by customers who are "demanding more security" from companies

- US struggles to recruit computer security experts (Washington Post, Dec. 23, 2009)

1

- Internet attacks are increasing in frequency, severity and sophistication
- The number of scans, probes, and attacks reported to the DHS has increased by more than 300 percent from 2006 to 2008.
- Karen Evans, the Bush administration's information technology (IT) administrator, points out that most federal IT managers do not know what advanced skills are required to counter cyberattacks.

2

- Viruses and worms are faster and more powerful
- Cause over $28 billion in economic losses in 2003, growing to over $75 billion in economic losses by 2007.
- Code Red (2001): 13 hours infected >360K machines - $2.4 billion loss
- Slammer (2003): 15 minutes infected > 75K machines - $1 billion loss

- Spam, phishing, ...
- New Internet security landscape emerging: BOTNETS !
- Conficker/Downadup (2008): infected > 10M machines
- MSFT offering $250K reward


3

- History of Security and Definitions
- Overview of Cryptography
- Symmetric Cipher
- Classical Symmetric Cipher
- Modern Symmetric Ciphers (DES and AES)

- Asymmetric Cipher
- One-way Hash Functions and Message Digest

4

- For a long time, security was largely ignored in the community
- The computer industry was in “survival mode”, struggling to overcome technological and economic hurdles
- As a result, a lot of corners were cut and many compromises made
- There was lots of theory, and even examples of systems built with very good security, but they were largely ignored or unsuccessful
- E.g., the Ada language vs. C (powerful and easy to use)

5

- Computers today are far from “survival mode”
- Performance is abundant and the cost is very cheap
- As a result, computers now ubiquitous at every facet of society

- Internet
- Computers are all connected and interdependent
- This codependency magnifies the effects of any failures

6

- Computing today is very homogeneous.
- A single architecture and a handful of OSes dominate

- In biology, homogeneous populations are in danger
- A single disease or virus can wipe them out overnight because they all share the same weakness
- The disease only needs a vector to travel among hosts

- Computers are like the animals, the Internet provides the vector.
- It is like having only one kind of cow in the world, and having them drink from one single pool of water!

7

8

- Slammer worm infected 75,000 machines in <15 minutes
- A properly designed worm, flash worm, can take less than 1 second to compromise 1 million vulnerable machines in the Internet
- The Top Speed of Flash Worms. S. Staniford, D. Moore, V. Paxson and N. Weaver, ACM WORM Workshop 2004.
- Exploit many vectors such as P2P file sharing, intelligent scanning, hitlists, etc.

9

- Security is a state of well-being of information and infrastructures in which the possibility of successful yet undetected theft, tampering, and disruption of information and services is kept low or tolerable
- Security rests on confidentiality, authenticity, integrity, and availability

10

- Confidentiality is the concealment of information or resources.
- E.g., only sender, intended receiver should “understand” message contents

- Authenticity is the identification and assurance of the origin of information.
- Integrity refers to the trustworthiness of data or resources in terms of preventing improper and unauthorized changes.
- Availability refers to the ability to use the information or resource desired.

11

- A threat/vulnerability is a potential violation of security.
- Flaws in design, implementation, and operation.

- An attack is any action that violates security.
- Active adversary

- An attack has an implicit concept of “intent”
- Router mis-configuration or server crash can also cause loss of availability, but they are not attacks

12

- Well-known in the network security world
- Bob and Alice (lovers!) want to communicate "securely"
- Trudy (intruder) may intercept, delete, or add messages

Figure: Alice (secure sender) and Bob (secure receiver) exchange data and control messages over a channel; Trudy sits on that channel.

13

- Unauthorized access to information
- Packet sniffers and wiretappers
- Illicit copying of files and programs

Figure: A sends to B while an eavesdropper listens on the link.

14

- Stop the flow of the message
- Delay and optionally modify the message
- Release the message again

Figure: A sends to B; a perpetrator on the path stops, delays, optionally modifies, and then releases the message.

15

- Unauthorized assumption of other’s identity
- Generate and distribute objects under this identity

Figure: a masquerader sends B a message claiming to be "from A".

16

Figure: A and B with the communication between them disrupted.

- Destroy hardware (cutting fiber) or software
- Modify software in a subtle way (alias commands)
- Corrupt packets in transit
- Blatant denial of service (DoS):
- Crashing the server
- Overwhelm the server (use up its resource)

17

- Passive attacks - eavesdropping on, or monitoring of, transmissions to:
- obtain message contents, or
- monitor traffic flows

- Active attacks – modification of data stream to:
- masquerade of one entity as some other
- replay previous messages
- modify messages in transit
- denial of service

18

Please classify each of the following as a violation of confidentiality, integrity, availability, authenticity, or some combination of these

- John copies Mary’s homework.
- Paul crashes Linda’s system.
- Gina forges Roger’s signature on a deed.

19

- Overview of Cryptography
- Symmetric Cipher
- Classical Symmetric Cipher
- Modern Symmetric Ciphers (DES and AES)

- Asymmetric Cipher
- One-way Hash Functions and Message Digest

20

- plaintext - the original message
- ciphertext - the coded message
- cipher - algorithm for transforming plaintext to ciphertext
- key - info used in cipher known only to sender/receiver
- encipher (encrypt) - converting plaintext to ciphertext
- decipher (decrypt) - recovering plaintext from ciphertext
- cryptography - study of encryption principles/methods
- cryptanalysis (codebreaking) - the study of principles/ methods of deciphering ciphertext without knowing key
- cryptology - the field of both cryptography and cryptanalysis

21

- Number of keys used
- Hash functions: no key
- Secret key cryptography: one key
- Public key cryptography: two keys - public, private

- Type of encryption operations used
- substitution / transposition / product

- Way in which plaintext is processed
- block / stream

22

- Secret algorithm: additional hurdle
- Hard to keep secret if used widely:
- Reverse engineering, social engineering

- Commercial: published
- Wide review, trust

- Military: avoid giving enemy good ideas

23

- Unconditional security
- No matter how much computer power is available, the cipher cannot be broken
- The ciphertext provides insufficient information to uniquely determine the corresponding plaintext

- Computational security
- The cost of breaking the cipher exceeds the value of the encrypted info
- The time required to break the cipher exceeds the useful lifetime of the info

24

- Always possible to simply try every key
- Most basic attack, proportional to key size
- Assume either know / recognise plaintext

25

- Overview of Cryptography
- Classical Symmetric Cipher
- Substitution Cipher
- Transposition Cipher

- Modern Symmetric Ciphers (DES and AES)
- Asymmetric Cipher
- One-way Hash Functions and Message Digest

26

27

- Two requirements for secure use of symmetric encryption:
- a strong encryption algorithm
- a secret key known only to sender / receiver
Y = E_K(X)

X = D_K(Y)

- Assume encryption algorithm is known
- Implies a secure channel to distribute key

28

- Letters of plaintext are replaced by other letters or by numbers or symbols
- Plaintext is viewed as a sequence of bits, then substitution replaces plaintext bit patterns with ciphertext bit patterns

29

- Earliest known substitution cipher
- Replaces each letter by 3rd letter on
- Example:
meet me after the toga party

PHHW PH DIWHU WKH WRJD SDUWB

30

- Define transformation as:
a b c d e f g h i j k l m n o p q r s t u v w x y z

D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

- Mathematically give each letter a number
a b c d e f g h i j k l m

0 1 2 3 4 5 6 7 8 9 10 11 12

n o p q r s t u v w x y z

13 14 15 16 17 18 19 20 21 22 23 24 25

- Then have Caesar cipher as:
C = E(p) = (p + k) mod 26

p = D(C) = (C - k) mod 26

31

- Only have 25 possible ciphers
- A maps to B, ..., Z

- Given ciphertext, just try all shifts of letters
- Do need to recognize when have plaintext
- E.g., break ciphertext "GCUA VQ DTGCM"
- How to make it harder?
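The Caesar cipher of slides 30-32 and the "try all shifts" attack, as an added example that is not code from the original slides. The tiny word list used to recognize plaintext is a constructed assumption of this example; in practice one would use letter frequencies or a dictionary.

```python
# Added example (not from the original slides): Caesar shift cipher and the
# exhaustive search over its 25 keys.
import string

ALPHABET = string.ascii_lowercase

def caesar_encrypt(plaintext, k):
    """C = (p + k) mod 26 for each letter; non-letters pass through unchanged."""
    out = []
    for ch in plaintext.lower():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26].upper())
        else:
            out.append(ch)
    return "".join(out)

def caesar_decrypt(ciphertext, k):
    """p = (C - k) mod 26; Python's % keeps the result in 0..25 for negative shifts."""
    return caesar_encrypt(ciphertext, -k).lower()

def brute_force(ciphertext):
    """All 25 candidate plaintexts keyed by shift: the whole key space is trivial."""
    return {k: caesar_decrypt(ciphertext, k) for k in range(1, 26)}

def break_caesar(ciphertext, known_words):
    """Pick the shift whose candidate plaintext contains the most known words.
    This is the 'recognize when you have plaintext' step of the slide."""
    candidates = brute_force(ciphertext)
    best_k = max(candidates, key=lambda k: sum(w in known_words for w in candidates[k].split()))
    return best_k, candidates[best_k]

if __name__ == "__main__":
    print(caesar_encrypt("meet me after the toga party", 3))
    # Constructed word list standing in for a real dictionary.
    print(break_caesar("GCUA VQ DTGCM", {"easy", "to", "break"}))
```

Because only 25 keys exist, the search is instantaneous; the only work is recognizing the plaintext, which is why the slide asks how to make the cipher harder.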

32

- Rather than just shifting the alphabet
- Could shuffle (jumble) the letters arbitrarily
- Each plaintext letter maps to a different random ciphertext letter
- Key is 26 letters long
Plain: abcdefghijklmnopqrstuvwxyz

Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN

Plaintext: ifwewishtoreplaceletters

Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA

33

- Now have a total of 26! = 4 x 10^26 keys
- Is that secure?
- Problem is language characteristics
- Human languages are redundant
- Letters are not equally commonly used

34

Note that all human languages have varying letter frequencies, though the number of letters and their frequencies varies.

35

- Given ciphertext:
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ

VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX

EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ

- Count relative letter frequencies (see text)
- Guess P & Z are e and t
- Guess ZW is th and hence ZWP is the
- Proceeding with trial and error finally get:
it was disclosed yesterday that several informal but

direct contacts have been made with political

representatives of the viet cong in moscow
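The monoalphabetic substitution of slide 33 and the frequency analysis of slide 36, as an added example that is not code from the original slides. It reproduces the relative letter frequencies that single out P and Z, counts the ZW digram, and checks that the plaintext the slide arrives at is consistent with a single substitution key (a known-plaintext pairing); the function names are this example's own.

```python
# Added example (not from the original slides): monoalphabetic substitution
# and the letter-frequency analysis used to break it.
from collections import Counter
import string

PLAIN_ALPHABET = string.ascii_lowercase
KEY = "DKVQFIBJWPESCXHTMYAUOLRGZN"  # slide 33 key: a->D, b->K, c->V, ...

def mono_encrypt(plaintext, key=KEY):
    """Replace each plaintext letter by the key letter in the same position."""
    letters = "".join(ch for ch in plaintext.lower() if ch in PLAIN_ALPHABET)
    return letters.translate(str.maketrans(PLAIN_ALPHABET, key))

def mono_decrypt(ciphertext, key=KEY):
    return ciphertext.upper().translate(str.maketrans(key, PLAIN_ALPHABET))

# Slide 36 ciphertext (120 letters) and the plaintext the slide arrives at.
CIPHERTEXT = ("UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ"
              "VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX"
              "EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ")
PLAINTEXT = ("it was disclosed yesterday that several informal but "
             "direct contacts have been made with political "
             "representatives of the viet cong in moscow")

def letter_frequencies(text):
    """(letter, count, percent) for each letter, most frequent first."""
    counts = Counter(ch for ch in text.upper() if ch.isalpha())
    total = sum(counts.values())
    return [(ch, n, round(100 * n / total, 2)) for ch, n in counts.most_common()]

def digram_count(text, digram):
    """How often a two-letter sequence occurs (e.g. 'ZW' as a guess for 'th')."""
    return sum(1 for i in range(len(text) - 1) if text[i:i + 2] == digram)

def recover_key(ciphertext, plaintext):
    """Pair each plaintext letter with its ciphertext letter and verify the
    pairing is a consistent substitution (one plaintext letter -> one cipher letter)."""
    p = "".join(ch for ch in plaintext.lower() if ch.isalpha())
    if len(p) != len(ciphertext):
        raise ValueError("plaintext and ciphertext lengths differ")
    mapping = {}
    for pc, cc in zip(p, ciphertext):
        if mapping.setdefault(pc, cc) != cc:
            raise ValueError("inconsistent substitution for %r" % pc)
    return mapping

def decrypt_with_partial_key(ciphertext, mapping):
    """Decrypt with the letters guessed so far; unknown letters are shown as '?'."""
    inverse = {c: p for p, c in mapping.items()}
    return "".join(inverse.get(ch, "?") for ch in ciphertext)

if __name__ == "__main__":
    print(letter_frequencies(CIPHERTEXT)[:5])
    print(decrypt_with_partial_key(CIPHERTEXT, {"e": "P", "t": "Z", "h": "W"}))
```

A 26!-key space is irrelevant when the ciphertext inherits the plaintext's letter statistics: two frequency counts and one digram guess already pin down e, t and h.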

36

- Now consider classical transposition or permutation ciphers
- These hide the message by rearranging the letter order, without altering the actual letters used
- Any shortcut for breaking it?
- Can recognise these since have the same frequency distribution as the original text

37

- Write message letters out diagonally over a number of rows
- Then read off cipher row by row
- E.g., write message out as:
m e m a t r h t g p r y

e t e f e t e o a a t

- Giving ciphertext
MEMATRHTGPRYETEFETEOAAT
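The two-row rail fence of slide 38, together with the observation on slide 37 that a transposition keeps the original letter-frequency distribution, as an added example that is not code from the original slides. For more than two rows it distributes letters round-robin over the rows (an assumption of this example, not a zigzag rail fence).

```python
# Added example (not from the original slides): rail fence transposition and
# the frequency-profile check that distinguishes it from a substitution.
from collections import Counter

def rail_fence_encrypt(plaintext, rows=2):
    """Write letters across the rows in turn, then read the rows off one by one."""
    letters = [ch for ch in plaintext.lower() if ch.isalpha()]
    rails = [[] for _ in range(rows)]
    for i, ch in enumerate(letters):
        rails[i % rows].append(ch)
    return "".join("".join(r) for r in rails).upper()

def rail_fence_decrypt(ciphertext, rows=2):
    """Row r received the letters at positions r, r+rows, ..., so its length is known."""
    n = len(ciphertext)
    lengths = [len(range(r, n, rows)) for r in range(rows)]
    rails, pos = [], 0
    for length in lengths:
        rails.append(list(ciphertext[pos:pos + length]))
        pos += length
    return "".join(rails[i % rows].pop(0) for i in range(n)).lower()

def same_frequency_profile(plaintext, ciphertext):
    """True when ciphertext and plaintext contain exactly the same letter counts,
    the tell-tale sign of a pure transposition."""
    p = Counter(ch for ch in plaintext.lower() if ch.isalpha())
    c = Counter(ch for ch in ciphertext.lower() if ch.isalpha())
    return p == c

if __name__ == "__main__":
    c = rail_fence_encrypt("meet me after the toga party")
    print(c, rail_fence_decrypt(c))
    print(same_frequency_profile("meet me after the toga party", c))
```

The frequency check is the shortcut the slide asks about: a substitution changes which letters are common, a transposition does not, so the histogram alone tells the analyst which class of cipher to attack.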

38

- Ciphers using substitutions or transpositions are not secure because of language characteristics
- Hence consider using several ciphers in succession to make harder, but:
- Two substitutions make another substitution
- Two transpositions make a more complex transposition
- But a substitution followed by a transposition makes a new much harder cipher

- This is bridge from classical to modern ciphers

39

- Overview of Cryptography
- Classical Symmetric Cipher
- Modern Symmetric Ciphers (DES/AES)
- Asymmetric Cipher
- One-way Hash Functions and Message Digest

40

- Block ciphers process messages in into blocks, each of which is then en/decrypted
- Like a substitution on very big characters
- 64-bits or more

- Stream ciphers process messages a bit or byte at a time when en/decrypting
- Many current ciphers are block ciphers, one of the most widely used types of cryptographic algorithms

41

- Most symmetric block ciphers are based on a Feistel Cipher Structure
- Block ciphers look like an extremely large substitution
- Would need table of 2^64 entries for a 64-bit block
- Instead create from smaller building blocks
- Using idea of a product cipher

42

43

- Process through multiple rounds which
- partitions input block into two halves
- perform a substitution on left data half
- based on round function of right half & subkey
- then have permutation swapping halves
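The Feistel structure just described, as an added example that is not code from the original slides: an 8-bit toy cipher with 4-bit halves, a round function built from a DES-style expansion and the real DES S-box S1 (the table on the S-box backup slide, completed to all 16 columns from the DES standard), and a trivial key schedule that is an assumption of this example. It shows the property every Feistel cipher relies on: decryption runs the same rounds with the subkeys in reverse order, whatever the round function is.

```python
# Added example (not from the original slides): a toy Feistel cipher that mirrors
# the structure on the Feistel slide, with the real DES S-box S1 as its substitution.
ROUNDS = 4

# DES S-box S1 (the backup slide shows columns 0..8; 9..15 completed from the DES standard).
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]

def s1_lookup(six_bits):
    """DES convention: the outer two bits select the row, the inner four the column."""
    row = (((six_bits >> 5) & 1) << 1) | (six_bits & 1)
    col = (six_bits >> 1) & 0xF
    return S1[row][col]

def expand(r4):
    """Toy 4->6 bit expansion in the spirit of DES E: the outer bits are duplicated."""
    b = [(r4 >> (3 - i)) & 1 for i in range(4)]          # b[0] is the most significant bit
    return int("".join(str(x) for x in (b[3], b[0], b[1], b[2], b[3], b[0])), 2)

def round_function(r4, subkey6):
    """f(R, K): expand R, XOR with the 6-bit subkey, substitute through S1 (6 -> 4 bits)."""
    return s1_lookup(expand(r4) ^ subkey6)

def feistel(block8, subkeys):
    left, right = block8 >> 4, block8 & 0xF               # partition the block into two halves
    for k in subkeys:
        # substitution on the left half driven by f(right half, subkey), then swap halves
        left, right = right, left ^ round_function(right, k)
    return (right << 4) | left                             # undo the final swap, as DES does

def toy_subkeys(key24):
    """Assumed toy key schedule: 6 bits of a 24-bit key per round (not DES's schedule)."""
    return [(key24 >> (6 * i)) & 0x3F for i in range(ROUNDS)]

def toy_encrypt(block8, key24):
    return feistel(block8, toy_subkeys(key24))

def toy_decrypt(block8, key24):
    # Same rounds, subkeys reversed: the Feistel structure inverts itself, so the
    # round function never needs to be invertible.
    return feistel(block8, toy_subkeys(key24)[::-1])

if __name__ == "__main__":
    key = 0x5A3C9F                                         # constructed 24-bit key
    c = toy_encrypt(0x3C, key)
    print(hex(c), hex(toy_decrypt(c, key)))
```

With 8-bit blocks this is only a model: it demonstrates the structure and the S-box lookup (input 100110 selects row 10 and column 0011), not any security.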

44

45

- Published in 1977, standardized in 1979.
- Key: 64-bit quantity = 8 parity bits + 56-bit key
- Every 8th bit is a parity bit.

- 64 bit input, 64 bit output.

Figure: DES encryption takes a 64-bit M and a 56-bit key and produces a 64-bit C.

46

Figure: DES structure. The 56-bit key goes through "Generate keys" (a permutation) to yield the 48-bit round keys K1, K2, ..., K16. The 64-bit input passes through the Initial Permutation, then Round 1 (K1), Round 2 (K2), ..., Round 16 (K16), then a swap of the 32-bit halves and the Final Permutation to give the 64-bit output.

47

- Simple, easy to implement:
- Hardware/gigabits/second, software/megabits/second

- 56-bit key DES may be acceptable for non-critical applications but triple DES (DES3) should be secure for most applications today
- Supports several operation modes (ECB, CBC, OFB, CFB) for different applications

48

- Key desirable property of encryption alg
- Where a change of one input or key bit results in changing more than half output bits
- DES exhibits strong avalanche

49

- 56-bit keys have 2^56 = 7.2 x 10^16 values
- Brute force search looks hard
- Recent advances have shown is possible
- in 1997 on a huge cluster of computers over the Internet in a few months
- in 1998 on dedicated hardware called “DES cracker” by EFF in a few days ($220,000)
- in 1999 above combined in 22hrs!

- Still must be able to recognize plaintext
- No big flaw for DES algorithms

50

- Triple-DES (3DES)
- 168-bit key, no brute force attacks
- Underlying encryption algorithm the same, no effective analytic attacks
- Drawbacks
- Performance: no efficient software codes for DES/3DES
- Efficiency/security: bigger block size desirable

- Advanced Encryption Standards (AES)
- US NIST issued call for ciphers in 1997
- AES was selected in Oct-2000

51

- Private key symmetric block cipher
- 128-bit data, 128/192/256-bit keys
- Stronger & faster than Triple-DES
- Provide full specification & design details
- Evaluation criteria
- Security: effort required for practical cryptanalysis
- Cost: computational efficiency and memory requirement
- Algorithm & implementation characteristics: flexibility to apps, hardware/software suitability, simplicity

52

- After testing and evaluation, shortlist in Aug-99:
- MARS (IBM) - complex, fast, high security margin
- RC6 (USA) - v. simple, v. fast, low security margin
- Rijndael (Belgium) - clean, fast, good security margin
- Serpent (Euro) - slow, clean, v. high security margin
- Twofish (USA) - complex, v. fast, high security margin

- Then subject to further analysis & comment

53

- Symmetric Cipher
- Classical Symmetric Cipher
- Modern Symmetric Ciphers (DES and AES)

- Asymmetric Cipher
- One-way Hash Functions and Message Digest

54

- Private/secret/single key cryptography uses one key
- Shared by both sender and receiver
- If this key is disclosed communications are compromised
- It is also symmetric: the parties are equal
- Hence it does not protect the sender from the receiver forging a message & claiming it was sent by the sender

55

- Probably most significant advance in the 3000 year history of cryptography
- Uses two keys – a public & a private key
- Asymmetric since parties are not equal
- Uses clever application of number theoretic concepts to function
- Complements rather than replaces private key crypto

56

- Public-key/two-key/asymmetric cryptography involves the use of two keys:
- a public-key, which may be known by anybody, and can be used to encrypt messages, and verify signatures
- a private-key, known only to the recipient, used to decrypt messages, and sign (create) signatures

- Asymmetric because
- those who encrypt messages or verify signatures cannot decrypt messages or create signatures

57

58

- Public-Key algorithms rely on two keys with the characteristics that it is:
- computationally infeasible to find decryption key knowing only algorithm & encryption key
- computationally easy to en/decrypt messages when the relevant (en/decrypt) key is known
- either of the two related keys can be used for encryption, with the other used for decryption (in some schemes)

- Analogy to delivery w/ a padlocked box

59

- Two major applications:
- encryption/decryption (provide secrecy)
- digital signatures (provide authentication)

60

- RSA: the most popular public-key algorithm.
- Support both public key encryption and digital signature.
- Assumption/theoretical basis:
- Factoring a big number is hard.

- Variable key length (usually 1024 bits).
- Plaintext block size.
- Plaintext (as a number) must be less than or equal to the key.
- Ciphertext block size is the same as the key length.

61

- To generate key pair:
- Pick large primes (>= 512 bits each) p and q
- Let n = p*q, keep your p and q to yourself!
- For public key, choose e that is relatively prime to φ(n) = (p-1)(q-1), let pub = <e, n>
- For private key, find d that is the multiplicative inverse of e mod φ(n), i.e., e*d = 1 mod φ(n), let priv = <d, n>

62

- Select primes: p = 17 & q = 11
- Compute n = pq = 17×11 = 187
- Compute φ(n) = (p-1)(q-1) = 16×10 = 160
- Select e: gcd(e, 160) = 1; choose e = 7
- Determine d: de = 1 mod 160 and d < 160; the value is d = 23 since 23×7 = 161 = 1×160 + 1
- Publish public key KU = {7, 187}
- Keep secret private key KR = {23, 17, 11}

63

- Given pub = <e, n> and priv = <d, n>
- encryption: c = m^e mod n, m < n
- decryption: m = c^d mod n
- signature: s = m^d mod n, m < n
- verification: m = s^e mod n

- given message M = 88 (nb. 88 < 187)
- encryption:
C = 88^7 mod 187 = 11

- decryption:
M = 11^23 mod 187 = 88

64

- Factoring a 1024-bit number is very hard!
- But if you can factor the big number n then, given public key <e, n>, you can find d, hence the private key, by:
- Knowing factors p, q such that n = p*q
- Then φ(n) = (p-1)(q-1)
- Then d such that e*d = 1 mod φ(n)

- Threat
- Moore’s law
- Refinement of factorizing algorithms

- For the near future, a key of 1024 or 2048 bits needed

65

- Exponentiation of RSA is expensive !
- AES and DES are much faster
- 100 times faster in software
- 1,000 to 10,000 times faster in hardware

- RSA often used in combination with AES or DES
- Pass the session key with RSA

66

- History of Security and Definitions
- Overview of Cryptography
- Symmetric Cipher
- Classical Symmetric Cipher
- Modern Symmetric Ciphers (DES and AES)

- Asymmetric Cipher
- One-way Hash Functions and Message Digest

67

- Symmetric cipher ?
- Shared key problem
- Plaintext has to be intelligible/understandable

- Asymmetric cipher?
- Too expensive
- Plaintext has to be intelligible/understandable
- Desirable to cipher on a much smaller size of data which uniquely represents the long message

68

- Condenses arbitrary message to fixed size
h = H(M)

- Usually assume that the hash function is public and not keyed
- Hash used to detect changes to message
- Can use in various ways with message
- Most often to create a digital signature

69

70

- Can be applied to any sized message M
- Produces fixed-length output h
- Is easy to compute h=H(M) for any message M
- Given h is infeasible to find x s.t. H(x)=h
- One-way property

- Given x is infeasible to find y s.t. H(y)=H(x)
- Weak collision resistance

- Is infeasible to find any x,y s.t. H(y)=H(x)
- Strong collision resistance

71

- How many people do you need so that the probability of having two of them share the same birthday is > 50%?
- Random sample of n birthdays (input) taken from k (365, output)
- k^n total number of possibilities
- (k)_n = k(k-1)...(k-n+1) possibilities without a duplicate birthday
- Probability of no repetition:
- p = (k)_n / k^n ≈ 1 - n(n-1)/2k

- For k = 366, minimum n = 23
- n(n-1)/2 pairs, each pair has a probability 1/k of having the same output
- n(n-1)/2k > 50% ⟹ n > k^(1/2)

72

- m bits: takes 2^(m/2) messages to find two with the same hash
- 64 bits: takes 2^32 messages to search (doable)
- Need at least 128 bits
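The birthday computation of slide 72 and the 2^(m/2) collision bound of slide 73, as an added example that is not code from the original slides. It computes the exact and approximate no-repetition probabilities with the slide's symbols (n, k), finds the minimum n, and then runs a collision search against SHA-256 truncated to m bits; SHA-256 and the truncation are this example's choice, used only to make the bound observable.

```python
# Added example (not from the original slides): birthday bound and a
# collision search on an m-bit truncated hash.
import hashlib

def prob_no_repeat(n, k):
    """Exact (k)_n / k^n = product over i < n of (k - i) / k."""
    p = 1.0
    for i in range(n):
        p *= (k - i) / k
    return p

def prob_no_repeat_approx(n, k):
    """The slide's first-order approximation 1 - n(n-1)/2k."""
    return 1 - n * (n - 1) / (2 * k)

def min_n_for_collision(k, target=0.5):
    """Smallest n with P(some pair collides) > target."""
    n = 1
    while 1 - prob_no_repeat(n, k) <= target:
        n += 1
    return n

def truncated_hash(msg, bits):
    """Top `bits` bits of SHA-256, standing in for an m-bit hash."""
    digest = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return digest >> (256 - bits)

def find_collision(bits, limit=None):
    """Hash distinct constructed messages until two share an m-bit value.
    Expected work is about 2^(m/2) hashes, not 2^m. Returns (msg_a, msg_b, tries)."""
    seen = {}
    i = 0
    while limit is None or i < limit:
        msg = b"msg-%d" % i                     # constructed, deterministic inputs
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
        i += 1
    return None

if __name__ == "__main__":
    print(min_n_for_collision(365), min_n_for_collision(366))
    print(find_collision(16))
```

For a 16-bit hash the search needs only a few hundred evaluations rather than 65536, which is the quantitative reason the slide demands at least 128 output bits (a 2^64 search) rather than 64.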

73

- Iterative compression function
- If each compression function f is collision-resistant, so is the resulting hash

74

Figure: MD5 maps an input message to a 128-bit output digest.

- Until recently the most widely used hash algorithm
- in recent times have both brute-force & cryptanalytic concerns

- Specified as Internet standard RFC1321

75

76

- Pad message so its length is 448 mod 512
- Append a 64-bit original length value to message
- Initialise 4-word (128-bit) MD buffer (A,B,C,D)
- Process message in 16-word (512-bit) blocks:
- Using 4 rounds of 16 steps of bitwise operations on message block & buffer
- Add output to buffer input to form new buffer value

- Output hash value is the final buffer value

77

Figure: one MD5 stage. The current digest MD_i (words A, B, C, D) and message block m_i pass through four rounds: ABCD = f_F(ABCD, m_i, T[1..16]), ABCD = f_G(ABCD, m_i, T[17..32]), ABCD = f_H(ABCD, m_i, T[33..48]), ABCD = f_I(ABCD, m_i, T[49..64]); each of the four resulting words is added (+) to the corresponding input word to give MD_(i+1).

78

- SHA is specified as the hash algorithm in the Digital Signature Standard (DSS), NIST, 1993
- Input message must be < 2^64 bits
- not really a problem

- Message is processed in 512-bit blocks sequentially
- Message digest is 160 bits

79

- Brute force attack is harder (160 vs 128 bits for MD5)
- A little slower than MD5 (80 vs 64 steps)
- Both work well on a 32-bit architecture

- Both designed as simple and compact for implementation
- Cryptanalytic attacks
- MD4/5: vulnerability discovered since its design
- SHA-1: none until the 2005 results raised concerns about its use in future applications

80

- NIST issued a revision in 2002
- Adds 3 additional hash algorithms
- SHA-256, SHA-384, SHA-512
- Collectively called SHA-2

- Designed for compatibility with increased security provided by the AES cipher
- Structure & detail are similar to SHA-1
- Hence analysis should be similar, but security levels are rather higher

81

Backup Slides

82

- Ciphertext only:
- Exhaustive search until "recognizable plaintext"
- Need enough ciphertext

- Known plaintext:
- Secret may be revealed (by spy, time), thus a <ciphertext, plaintext> pair is obtained
- Great for monoalphabetic ciphers

- Chosen plaintext:
- Choose text, get it encrypted
- Pick patterns to reveal the structure of the key

83

- If a truly random key as long as the message is used, the cipher will be secure - One-Time pad
- E.g., a random sequence of 0’s and 1’s XORed to plaintext, no repetition of keys
- Unbreakable since ciphertext bears no statistical relationship to the plaintext
- For any plaintext, it needs a random key of the same length
- Hard to generate large amount of keys

- Have problem of safe distribution of key

84

- Before modern ciphers, rotor machines were most common complex ciphers in use
- Widely used in WW2
- German Enigma, Allied Hagelin, Japanese Purple

- Implemented a very complex, varying substitution cipher

85

- Substitution-permutation (S-P) networks [Shannon, 1949]
- modern substitution-transposition product cipher

- These form the basis of modern block ciphers
- S-P networks are based on the two primitive cryptographic operations
- substitution (S-box)
- permutation (P-box)

- provide confusion and diffusion of message

86

- Cipher needs to completely obscure statistical properties of original message
- A one-time pad does this
- More practically Shannon suggested S-P networks to obtain:
- Diffusion – dissipates statistical structure of plaintext over bulk of ciphertext
- Confusion – makes relationship between ciphertext and key as complex as possible

87

Figure: a 32-bit permutation (P-box): 1 bit in, 1 bit out. Each input bit (positions 1, 2, 3, 4, ..., 32, e.g. values 0 0 1 0 ... 1) is routed to a new output position (the slide shows output positions 22, 6, 13, 32, ..., 3 with values 1 0 1 1 ... 1).

88

Figure: DES key schedule. After the initial permutation of the DES key, the key is held as two 28-bit halves C_(i-1) and D_(i-1). One round: each half undergoes a circular left shift (a single shift in rounds 1, 2, 9 and 16; two bits in the others), giving C_i and D_i (28 bits each) for the next round; a permutation with discard of the shifted halves yields the 48-bit round key K_i.

89

Figure: one round of DES encryption. The 32-bit right half R_n is expanded (E) to 48 bits and fed, together with the 48-bit round key K_i, into the "mangler function": XOR with K_i, the S-boxes (48 bits to 32 bits) and the permutation P. The 32-bit result is XORed with L_n to give R_(n+1), while L_(n+1) = R_n.

90

Figure: the eight DES S-boxes S1 to S8. The 48-bit value is split into eight 6-bit chunks; each chunk is XORed (+) with 6 bits of the round key and substituted by its S-box into 4 bits; the eight 4-bit outputs (32 bits) then pass through the permutation.

The permutation produces "spread" among the chunks/S-boxes!

91

Figure: bit expansion (1-to-m). The 32 input bits (positions 1, 2, 3, 4, 5, ..., 32, e.g. values 0 0 1 0 1 1 ...) are mapped to 48 output bits (positions 1, 2, ..., 48); some input bits are copied to more than one output position.

92

Figure: S-box S_i (i = 1, ..., 8) takes 6 input bits I1..I6 and produces 4 output bits O1..O4; 2 bits select the row and 4 bits select the column.

- 48 bits ==> 32 bits. (8*6 ==> 8*4)
- 2 bits used to select amongst 4 substitutions for the rest of the 4-bit quantity

93

Each row and column contain different numbers.

row \ col   0   1   2   3   4   5   6   7   8  ...  15
    0      14   4  13   1   2  15  11   8   3
    1       0  15   7   4  14   2  13   1  10
    2       4   1  14   8  13   6   2  11  15
    3      15  12   8   2   4   9   1   7   5

Example: input: 100110 output: ???

94

- Given original message M, add padding bits “10*” such that resulting length is 64 bits less than a multiple of 512 bits.
- Append (original length in bits mod 2^64), represented in 64 bits, to the padded message
- Final message is chopped 512 bits a block

95

Given pub = <e, n> and priv = <d, n>

- n = p*q, φ(n) = (p-1)(q-1)
- e*d = 1 mod φ(n)
- x^(ed) = x mod n
- encryption: c = m^e mod n
- decryption: m = c^d mod n = m^(ed) mod n = m mod n = m (since m < n)
- digital signature (similar)

96

Assuming Alice and Bob share a key K_AB

- Alice to Bob: challenge r_A
- Bob to Alice: MD(K_AB | r_A)
- Bob to Alice: r_B
- Alice to Bob: MD(K_AB | r_B)
- Only need to compare MD results
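The mutual challenge-response exchange just listed, as an added example that is not code from the original slides; both parties are simulated in one process. SHA-256 stands in for the unspecified message digest MD, the nonce size is this example's choice, and the `Party` class and function names are its own.

```python
# Added example (not from the original slides): mutual authentication with a
# shared key K_AB and digest responses MD(K_AB | r).
import hashlib
import hmac
import secrets

def md_response(shared_key, challenge):
    """MD(K_AB | r): digest over the key concatenated with the challenge, as on the slide.
    (HMAC is the standard keyed construction in practice; the slide's form is kept here.)"""
    return hashlib.sha256(shared_key + challenge).digest()

class Party:
    def __init__(self, name, shared_key):
        self.name, self.key = name, shared_key
        self.pending = None                        # challenge we are waiting on

    def challenge(self):
        self.pending = secrets.token_bytes(16)    # fresh random nonce: replaying an old response fails
        return self.pending

    def respond(self, r):
        return md_response(self.key, r)

    def verify(self, response):
        expected = md_response(self.key, self.pending)
        self.pending = None
        return hmac.compare_digest(expected, response)   # constant-time comparison

def mutual_authenticate(alice, bob):
    """Returns (alice_accepts_bob, bob_accepts_alice)."""
    r_a = alice.challenge()                       # 1. Alice -> Bob: r_A
    alice_ok = alice.verify(bob.respond(r_a))     # 2. Bob -> Alice: MD(K_AB | r_A)
    r_b = bob.challenge()                         # 3. Bob -> Alice: r_B
    bob_ok = bob.verify(alice.respond(r_b))       # 4. Alice -> Bob: MD(K_AB | r_B)
    return alice_ok, bob_ok

if __name__ == "__main__":
    k = b"constructed-shared-key"                 # constructed key for the demo
    print(mutual_authenticate(Party("Alice", k), Party("Bob", k)))
    print(mutual_authenticate(Party("Alice", k), Party("Bob", b"wrong-key")))
```

Neither side ever sends the key; an observer sees only nonces and digests, and because each challenge is fresh, a captured response is useless against the next run.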

97

One-time pad with K_AB

- Compute bit streams using MD and K_AB: b1 = MD(K_AB), b_i = MD(K_AB | b_(i-1)), ...
- XORed with message blocks
- Is this a real one-time pad?
- Add a random 64-bit number (aka IV): b1 = MD(K_AB | IV), b_i = MD(K_AB | b_(i-1)), ...
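The digest-chained key stream just described, as an added example that is not code from the original slides. It answers the slide's question: without an IV the same K_AB always yields the same stream, so two messages encrypted under it reveal their XOR, and a fresh IV is what prevents that. SHA-256 stands in for MD and the helper names are this example's own.

```python
# Added example (not from the original slides): key stream b1 = MD(K | IV),
# b_i = MD(K | b_(i-1)) XORed with the message, and the effect of omitting the IV.
import hashlib

BLOCK = 32  # SHA-256 digest size; the slide does not fix a digest function

def keystream(shared_key, nblocks, iv=b""):
    """With iv=b"" this is the slide's first version, b1 = MD(K_AB)."""
    blocks, prev = [], iv
    for _ in range(nblocks):
        prev = hashlib.sha256(shared_key + prev).digest()
        blocks.append(prev)
    return b"".join(blocks)

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def stream_encrypt(shared_key, message, iv=b""):
    nblocks = -(-len(message) // BLOCK)                     # ceiling division
    return xor_bytes(message, keystream(shared_key, nblocks, iv)[:len(message)])

stream_decrypt = stream_encrypt                             # XOR with the same stream

def keystream_reused(shared_key, m1, m2):
    """Without an IV the stream depends on K alone, so c1 XOR c2 == m1 XOR m2: the 'pad'
    is used twice and the two plaintexts leak relative to each other. Returns True
    when that relation holds."""
    c1, c2 = stream_encrypt(shared_key, m1), stream_encrypt(shared_key, m2)
    n = min(len(m1), len(m2))
    return xor_bytes(c1[:n], c2[:n]) == xor_bytes(m1[:n], m2[:n])

if __name__ == "__main__":
    key = b"constructed-key"                                # constructed demo key
    iv1, iv2 = bytes(8), b"\x01" * 8                        # two constructed 64-bit IVs
    print(keystream_reused(key, b"first message", b"second message"))
    print(stream_encrypt(key, b"same text", iv1) != stream_encrypt(key, b"same text", iv2))
```

Even with the IV this is a hash-based stream cipher, not a one-time pad: the stream is computed from a short key rather than being truly random and as long as the message, so its security rests on the digest, and every message still needs its own IV.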

98

- As many stages as the number of 512-bit blocks in the final padded message
- Digest: 4 32-bit words: MD=A|B|C|D
- Every message block contains 16 32-bit words: m0|m1|m2…|m15
- Digest MD0 initialized to: A=01234567,B=89abcdef,C=fedcba98, D=76543210
- Every stage consists of 4 passes over the message block, each modifying MD

- Each block 4 rounds, each round 16 steps

99

Each step i (1 <= i <= 64):

- Input:
- m_i: a 32-bit word from the message, with a different shift every round
- T_i = int(2^32 * abs(sin(i))): provides a randomized set of 32-bit patterns, which eliminates any regularities in the input data
- ABCD: current MD

- Output:
- ABCD: new MD

100

- Each round has 16 steps of the form:
a = b+((a+g(b,c,d)+X[k]+T[i])<<<s)

- a,b,c,d refer to the 4 words of the buffer, but used in varying permutations
- note this updates 1 word only of the buffer
- after 16 steps each word is updated 4 times

- where g(b,c,d) is a different nonlinear function in each round (F,G,H,I)

101

102

- F(x,y,z) = (x ∧ y) ∨ (¬x ∧ z)
- selection function

- G(x,y,z) = (x ∧ z) ∨ (y ∧ ¬z)
- H(x,y,z) = x ⊕ y ⊕ z
- I(x,y,z) = y ⊕ (x ∨ ¬z)
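A complete MD5 following the slides' description (padding to 448 mod 512 and the 64-bit length from slides 77 and 95; the ABCD buffer, 4 rounds of 16 steps, the step formula and the functions F, G, H, I from slides 99-103), as an added example that is not code from the original slides, checked against the standard library's `hashlib.md5`. The per-step rotation amounts and message-word order are the standard MD5 ones (RFC 1321), which the slides mention only as "a different shift every round".

```python
# Added example (not from the original slides): MD5 from scratch, as described
# on the MD5 slides, verified against hashlib.
import hashlib
import math
import struct

MASK = 0xFFFFFFFF
# T[i] = int(2^32 * abs(sin(i))) for i = 1..64 (list index 0 holds T[1]).
T = [int(2 ** 32 * abs(math.sin(i))) & MASK for i in range(1, 65)]
# Left-rotation amount for each step; a different set of four in each round.
S = [7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 + [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4

def rotl(x, s):
    return ((x << s) | (x >> (32 - s))) & MASK

def F(x, y, z): return (x & y) | (~x & z)   # selection function (round 1)
def G(x, y, z): return (x & z) | (y & ~z)   # round 2
def H(x, y, z): return x ^ y ^ z            # round 3
def I(x, y, z): return y ^ (x | ~z)         # round 4

def md5_pad(message):
    """Append a 1 bit then 0 bits so the length is 448 mod 512, then the original
    length in bits mod 2^64 as a 64-bit little-endian value."""
    bit_len = (8 * len(message)) & 0xFFFFFFFFFFFFFFFF
    padded = message + b"\x80"
    padded += b"\x00" * ((56 - len(padded) % 64) % 64)
    return padded + struct.pack("<Q", bit_len)

def md5(message):
    # Initial 4-word buffer; the slide lists the same words byte-wise as 01 23 45 67, ...
    a0, b0, c0, d0 = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    padded = md5_pad(message)
    for off in range(0, len(padded), 64):                    # one stage per 512-bit block
        X = struct.unpack("<16I", padded[off:off + 64])      # 16 little-endian 32-bit words
        a, b, c, d = a0, b0, c0, d0
        for i in range(64):
            if i < 16:   g, k = F(b, c, d), i                      # round 1: X[i]
            elif i < 32: g, k = G(b, c, d), (5 * i + 1) % 16       # round 2
            elif i < 48: g, k = H(b, c, d), (3 * i + 5) % 16       # round 3
            else:        g, k = I(b, c, d), (7 * i) % 16           # round 4
            # Slide's step: a = b + ((a + g(b,c,d) + X[k] + T[i]) <<< s); then the four
            # words take turns, so after 16 steps each one has been updated 4 times.
            new_a = (b + rotl((a + g + X[k] + T[i]) & MASK, S[i])) & MASK
            a, b, c, d = d, new_a, b, c
        # Add the round output to the buffer input to form the new buffer value.
        a0, b0, c0, d0 = (a0 + a) & MASK, (b0 + b) & MASK, (c0 + c) & MASK, (d0 + d) & MASK
    return struct.pack("<4I", a0, b0, c0, d0).hex()             # final buffer = hash value

def matches_hashlib(message):
    return md5(message) == hashlib.md5(message).hexdigest()

if __name__ == "__main__":
    print(md5(b""), md5(b"abc"), matches_hashlib(b"x" * 1000))
```

Tracing the loop makes the slides' structure concrete: padding fixes the block count, each block runs the same 64 steps, and only the additions at the end of a stage carry state into the next block. It also shows why MD5 is kept here for study only: the 128-bit output was already the minimum on the hash-length slide, and the later cryptanalytic results apply to exactly this construction.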

103

Step1: Padding

Step2: Appending length as 64 bit unsigned

Step3: Initialize MD buffer 5 32-bit words

Store in big endian format, most significant byte in the low address

A|B|C|D|E

A = 67452301

B = efcdab89

C = 98badcfe

D = 10325476

E = c3d2e1f0

104

Step 4: the 80-step processing of 512-bit blocks – 4 rounds, 20 steps each.

Each step t (0 <= t <= 79):

- Input:
- Wt – a 32-bit word from the message
- Kt – a constant.
- ABCDE: current MD.

- Output:
- ABCDE: new MD.

105