1 / 29

Hashes and Message Digests

Hashes and Message Digests. Hash. Message of arbitrary length. A fixed-length short message. Hash h. Also known as Message digest One-way function Function: input message -> output One-way: d=h(m), but not h’(d) = m Computationally infeasible find the message given the digest

uttara
Download Presentation

Hashes and Message Digests

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Hashes and Message Digests

  2. Hash Message of arbitrary length A fixed-length short message Hash h • Also known as • Message digest • One-way function • Function: input message -> output • One-way: d=h(m), but not h’(d) = m • Computationally infeasible find the message given the digest • Cannot find m1 and m2, where d1 = d2 • Randomness: • Any bit in the output ‘1’ half the time • Each output: 50% ‘1’ bits

  3. Birthday Paradox • What is the minimum value of n such that the probability is greater than 0.5 that at least two people in a group of n people have the same birthday? • Ignore Feb. 29 and assume each birthday is equally likely • Probability of n people having n different birthdays: • Probability that at least two people have the same birthdays: • 1 - • n is about 23

  4. Generalization of Birthday Problem • Compute probability of different birthdays • Random samples of n people (birthdays) taken from d (365) days • What is the minimum value of n such that the probability is greater than 0.5 that there is at least one duplicate? • P(n, d) = 1 – • For large n and d, we have • n = 1.2 * d1/2 • Implication • We expect to obtain the same output after about 1.2 *d1/2 trials http://www.rsasecurity.com/rsalabs/node.asp?id=2205

  5. How many bits for hash? • m bits, takes 2m/2 to find two with the same hash • 64 bits, takes 232 messages to search (doable) • Need at least 128 bits • Example use • Fingerprint a program/document: attackers cannot find a different program with the same message digest

  6. Hash used for Authentication • Alice and Bob share a secret KAB Alice Bob rA MD(KAB|rA) rB MD(KAB|rB)

  7. Computing a MAC with a HASH • Cannot just compute MD(m) • Anyone can compute MD(m) • MAC: MD(KAB|m) • Allows concatenation with additional message: MD(KAB|m|m’) • MD through chunk n depends on MD through chunks n-1 and the data in chunk n • 512-bit blocks, append (message length, pad) • How to solve? • Put secret at the end of message: • MD(m| KAB) • Use only half the bits of the message digest as the MAC • Concatenate the secret to both the front and the back of the message

  8. Encryption with a Message Digest • One-time pad: • compute bit streams using MD, K, and IV • b1=MD(KAB|IV), bi=MD(KAB|bi-1), … •  with message blocks • Mixing in the plaintext • similar to cipher feedback mode (CFB) • b1=MD(KAB|IV), c1= p1 b1 • b2=MD(KAB| c1), c2= p2 b2 • ….

  9. Modern Hash Functions • MD5 • Previous versions (MD2, MD4) have weaknesses • SHA-1 • Secure Hash Algorithms

  10. MD2 • 128-bit message digest • Arbitrary number of octets • Message is padded to be a multiple of 16 octets • Append MD2 checksum (16 octets) (a strange function of the padded message) to the end • Process the whole message 16 octets at a time • Each intermediate value depends on • Previous intermediate value • The value of the 16 octets of the message being processed

  11. MD2 Padding

  12. MD2 Checksum

  13. MD2  Substitution Table

  14. MD2 Checksum • One byte at a time, k 16 steps • mnk: byte nk of message • cn=(mnk cn-1)  cn •  : 0  41, 1  46, … • Substitution on 0-255 (value of the byte)

  15. MD2 Final Pass

  16. MD2 Final Pass • Operate on 16-byte chunks • 48-byte quantity q: • (current digest|chunk|digestchunk) • 18 passes of massaging over q, and one byte at a time: • cn=(cn-1)  cn for n = 0, … 47; c-1 = 0 for pass 0; c-1 = (c47 + pass #) mod 256 • After pass 17, use first 16 bytes as new digest • 16  8 = 128

  17. Overview of MD4, MD5, and SHA-1 MD of MD4/MD5: 128 bit, MD of SHA-1: 160-bit

  18. Padding for MD4, MD5, and SHA-1

  19. MD5 Process • As many stages as the number of 512-bit blocks in the final padded message • Digest: 4 32-bit words: MD=d0|d1|d2|d3 • Every message block contains 16 32-bit words: m0|m1|m2…|m15 • Digest MD0 initialized to: d0=67452301,d1=efcdab89,d2=98badcfe, d3=10325476 • Every stage consists of 4 passes over the message block, each modifying MD • operations

  20. Constants of MD5 Ti = 232sin i

  21. MD5 Message Digest Pass 1 • For each integer i from 0 through 15 (i)

  22. MD5 Message Digest Pass 2 • For each integer i from 0 through 15

  23. MD5 Message Digest Pass 3 • For each integer i from 0 through 15

  24. MD5 Message Digest Pass 4 • For each integer i from 0 through 15

  25. SHA-1 • Developed by NIST • SHA is specified as the hash algorithm in the Digital Signature Standard (DSS), NIST • Take a message of length at most 264 bits and produces a 160-bit output. • SHA design is similar to MD5, but a lot stronger • Make five passes over each block of data

  26. SHA-1 cont’d • Step 1: Message Padding – same as MD5 • Step 2: Initialize MD buffer 5 32-bit words A|B|C|D|E A = 67452301 B = efcdab89 C = 98badcfe D = 10325476 E = c3d2e1f0

  27. SHA-1 operation on a 512-bit Block • Step 3: the 80-step processing of 512-bit blocks – 4 rounds, 20 steps each. Each step t (0 <= t <= 79): • Input: • Wt – a 32-bit word from the message • Kt – a constant. • ABCDE: current MD. • Output: • ABCDE: new MD • Only 4 per-round distinctive additive constants 0 <=t<= 19 Kt = 5A827999 20<=t<=39 Kt = 6ED9EBA1 40<=t<=59 Kt = 8F1BBCDC 60<=t<=79 Kt = CA62C1D6 • Only 3 different functions Round Function ft(B,C,D) 0 <=t<= 19 (BC)(~B D) 20<=t<=39 BCD 40<=t<=59 (BC)(BD)(CD) 60<=t<=79 BCD

  28. SHA-1 cont’d Inner Loop of SHA-1 – 80 Iterations per Block

  29. HMAC

More Related