Chapter 5 Hashes and Message Digests

Chapter 5 Hashes and Message Digests. Instructor: 孫宏民 hmsun@cs.nthu.edu.tw Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694. Introduction.

Presentation Transcript


  1. Chapter 5 Hashes and Message Digests Instructor: 孫宏民 hmsun@cs.nthu.edu.tw Room: EECS 6402, Tel: 03-5742968, Fax: 886-3-572-3694

  2. Introduction • A hash (also known as a message digest) is a one-way function. It is considered one-way because it’s not practical to figure out what input corresponds to a given output. • We will use the terms hash and message digest interchangeably. The NIST message digest function is called SHA-1, which stands for secure hash algorithm, whereas the MD in the MD2, MD4 and MD5 algorithms stands for message digest.

  3. There certainly will be many messages that yield the same message digest, because a message can be of arbitrary length and the message digest will be of fixed length, for instance 128 bits. • By trying lots of messages, one would eventually find two that mapped to the same message digest. • The problem is that “lots” is so many that it is essentially impossible.

  4. Assuming a good 128-bit message digest function, it would take trying approximately 2^64 messages before finding two that had the same digest (see the birthday problem). • An example use of a message digest is to fingerprint a program or document to detect modification of it.

  5. The Birthday Problem • If there are 23 or more people in a room, the odds are better than 50% that two of them will have the same birthday. • Let’s assume n inputs and k possible outputs, and an unpredictable mapping from input to output. With n inputs, there are n(n-1)/2 pairs of inputs. For each pair there’s a probability of 1/k of both inputs producing the same output value, so we need about k/2 pairs in order for the probability to be about 50%.

  6. So n(n-1) > k, which means that if n is greater than , there's a good chance of finding a matching pair.

  7. How many bits does the output of a message digest function have to be in order to prevent someone from being able to find two messages with the same message digest? • If the message digest has m bits, then it would take only about 2^(m/2) messages, chosen at random, before one would find two with the same value. • That is why message digest functions have outputs of at least 128 bits, because it is not considered feasible to search 2^64 messages given the current state of the art.
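The 2^(m/2) estimate from slides 5 to 7 can be checked empirically on a deliberately short digest. This is an added example, not part of the original slides; it assumes SHA-256 truncated to m bits as the toy digest, and all function names are made up for the illustration.

```python
import hashlib

def truncated_digest(data: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256(data): a toy m-bit message digest."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)

def collision_probability(n: int, k: int) -> float:
    """Exact chance that n random inputs into k outputs contain a match."""
    p_all_distinct = 1.0
    for i in range(n):
        p_all_distinct *= (k - i) / k
    return 1.0 - p_all_distinct

def find_collision(bits: int, seed: int = 0):
    """Hash distinct constructed messages until two share a digest.

    Returns (first_message, second_message, messages_hashed)."""
    seen = {}  # digest -> message that produced it
    count = 0
    while True:
        msg = f"constructed-{seed}-{count}".encode()
        count += 1
        d = truncated_digest(msg, bits)
        if d in seen:
            return seen[d], msg, count
        seen[d] = msg

def average_messages(bits: int, runs: int = 20) -> float:
    """Mean number of messages hashed before the first match, over `runs` seeds."""
    return sum(find_collision(bits, s)[2] for s in range(runs)) / runs

if __name__ == "__main__":
    print("23 people, 365 days:", round(collision_probability(23, 365), 3))
    for m in (12, 16, 20):
        avg = average_messages(m)
        print(f"m={m}: 2^(m/2)={2 ** (m // 2)}, measured average={avg:.0f}")
```

Each extra bit of digest multiplies the measured work by about √2, which is why a 128-bit output corresponds to roughly 2^64 messages.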

  8. Nifty Thing to Do with a Hash • The significant difference between a secret key algorithm and a message digest algorithm is that a secret key algorithm is designed to be reversible and a message digest algorithm is designed to be impossible to reverse. • In this section we’ll use MD as a “generic” message digest algorithm.

  9. Authentication

  10. Computing a MAC with a Hash • The obvious thought is that MD(m) is a MAC for message m. But it isn’t. Anyone can compute MD(m). • We concatenate a shared secret KAB with the message m, and use MD(KAB|m) as the MAC. • Some proposals with no known weaknesses are: • Put the secret at the end of the message instead of at the beginning. • Use only half the bits of the message digest as the MAC.

  11. Concatenate the secret to both the front and the back of the message. • We call any hash combining the secret key and the data a keyed hash.
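The point of slides 10 and 11, that MD(m) alone authenticates nothing while a keyed hash does, shown as an added example that is not part of the original slides. SHA-256 stands in for the generic MD, and the key, messages and function names are constructed for the illustration.

```python
import hashlib
import hmac

def MD(data: bytes) -> bytes:
    """Generic message digest; SHA-256 is a stand-in chosen for this example."""
    return hashlib.sha256(data).digest()

# The keyed hashes named on the slides (K is the shared secret KAB).
KEYED_HASHES = {
    "MD(K|m)": lambda k, m: MD(k + m),
    "MD(m|K)": lambda k, m: MD(m + k),
    "half of MD(K|m)": lambda k, m: MD(k + m)[:16],
    "MD(K|m|K)": lambda k, m: MD(k + m + k),
}

def receiver_accepts_plain(msg: bytes, tag: bytes) -> bool:
    """Receiver that treats the unkeyed digest MD(m) as if it were a MAC."""
    return hmac.compare_digest(MD(msg), tag)

def receiver_accepts_keyed(name: str, key: bytes, msg: bytes, tag: bytes) -> bool:
    """Receiver that recomputes the keyed hash and compares in constant time."""
    return hmac.compare_digest(KEYED_HASHES[name](key, msg), tag)

def run_demo() -> dict:
    key = b"constructed shared secret KAB"
    msg = b"transfer 10 to account 42"      # constructed sample message
    altered = b"transfer 99 to account 42"  # same message modified in transit
    # Without the key, anyone can recompute MD(altered), so the check passes.
    results = {"MD(m)": receiver_accepts_plain(altered, MD(altered))}
    for name, fn in KEYED_HASHES.items():
        genuine = fn(key, msg)
        results[name] = {
            "genuine": receiver_accepts_keyed(name, key, msg, genuine),
            "old_tag_on_altered": receiver_accepts_keyed(name, key, altered, genuine),
            "unkeyed_tag_on_altered": receiver_accepts_keyed(name, key, altered, MD(altered)),
        }
    return results

if __name__ == "__main__":
    for scheme, outcome in run_demo().items():
        print(scheme, outcome)
```

In deployed systems the standardized keyed hash is HMAC, available as Python's `hmac` module.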

  12. Encryption with a Message Digest • Generating a one-time pad • Just as OFB generates a pseudorandom bit stream which then encrypts a message by simply being ⊕ed with the message, we can use a message digest algorithm to generate a pseudorandom bit stream.

  13. [Figure: generating a one-time pad; labels KAB, MD, ⊕, M1, M2, M3, C1, C2, C3] Alice and Bob share a secure key KAB

  14. It is not secure to use the same bit stream twice, so, as with OFB, Alice starts with an IV. The first block is then MD(KAB|IV).

  15. [Figure labels: KAB, IV, MD, ⊕, M1, M2, M3, C1, C2, C3] • Mixing in the Plaintext • Similar to CFB.
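Slides 12 to 15 as an added example (not part of the original slides): a digest-generated pad in the OFB style, the CFB-style variant that mixes in the ciphertext, and a check of why the same bit stream must not be used twice. SHA-256 stands in for MD; the chaining rules b_i = MD(KAB|b_{i-1}) and b_i = MD(KAB|c_{i-1}) are assumptions taken from the OFB and CFB analogies, since the slides only state the first block MD(KAB|IV).

```python
import hashlib

BLOCK = 32  # pad block size in octets (output size of the stand-in digest)

def MD(data: bytes) -> bytes:
    """Generic message digest; SHA-256 is a stand-in chosen for this example."""
    return hashlib.sha256(data).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def ofb_style(key: bytes, iv: bytes, data: bytes) -> bytes:
    """b1 = MD(K|IV), b_i = MD(K|b_{i-1}); the same call encrypts and decrypts."""
    out, pad = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        pad = MD(key + pad)
        out += xor(data[i:i + BLOCK], pad)
    return bytes(out)

def cfb_style_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """b1 = MD(K|IV), b_i = MD(K|c_{i-1}): the previous ciphertext is mixed in."""
    out, prev = bytearray(), iv
    for i in range(0, len(plaintext), BLOCK):
        prev = xor(plaintext[i:i + BLOCK], MD(key + prev))
        out += prev
    return bytes(out)

def cfb_style_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = bytearray(), iv
    for i in range(0, len(ciphertext), BLOCK):
        block = ciphertext[i:i + BLOCK]
        out += xor(block, MD(key + prev))
        prev = block
    return bytes(out)

def pad_reuse_leaks(key: bytes, iv1: bytes, iv2: bytes, m1: bytes, m2: bytes) -> bool:
    """True when c1 XOR c2 equals m1 XOR m2, i.e. the pad cancelled out."""
    c1, c2 = ofb_style(key, iv1, m1), ofb_style(key, iv2, m2)
    return xor(c1, c2) == xor(m1, m2)

if __name__ == "__main__":
    key = b"constructed shared secret KAB"
    m1 = b"constructed plaintext number one, longer than a block"
    m2 = b"constructed plaintext number two, also over one block"
    print("same IV leaks m1 XOR m2:", pad_reuse_leaks(key, b"iv-0", b"iv-0", m1, m2))
    print("fresh IV leaks m1 XOR m2:", pad_reuse_leaks(key, b"iv-0", b"iv-1", m1, m2))
```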

  16. Using Secret Key for a Hash • What we want to generate is a function with the properties of a hash algorithm. It should not require a secret. It should be publishable. It should be noninvertible. • Unix password hash [Figure labels: password, 7 bits ASCII, 56-bit key, Plaintext: 0, DES, Hashed password]

  17. Hashing large messages

  18. There is a serious problem with this, which is that the typical message block length b is 64 bits, which is too short to use as a message digest. • If we want to find a message with a particular message digest, a technique similar to the one in section 4.4.1.2 could find a message with a particular 64-bit message digest in about 2^33 iterations.

  19. MD2 • MD2 takes a message equal to an arbitrary number of octets and produces a 128-bit message digest. • The basic idea behind MD2 is as follows: • The input message to MD2 is of arbitrary length. • The message is padded to be a multiple of 16 octets. • A 16-octet quantity, which MD2 calls the checksum, is appended to the end. • Final pass: the message is processed, 16 octets at a time, each time producing an intermediate result for the message digest.

  20. MD2 Padding

  21. MD2 Checksum Computation

  22. MD2 Final Pass

  23. MD4 • The message to be fed into the message digest computation must be a multiple of 512 bits (sixteen 32-bit words).

  24. Overview of MD4 Message Digest Computation

  25. Each stage starts with a 16-word message block and a 4-word message digest value. message called : message digest : The message digest initialized to : Equivalent to the octet string

  26. The following operations we are able to use:

  27. MD4 Message Digest Pass 1 • A function F(x,y,z) is defined as (x⋀y) ⋁(∼x⋀z). This function is sometimes known as the selection function. • A separate step is done for each of the 16 words of the message. For each I from 0 through 15.

  28. MD4 Message Digest Pass 2

  29. MD4 Message Digest Pass 3

  30. MD5 • The major differences are: • MD4 makes three passes over each 16-octet chunk of the message. MD5 makes four passes over each 16-octet chunk. • The functions are slightly different, as are the number of bits in the shifts. • MD4 has one constant which is used for each message word in pass 2, and a different constant in pass 3. No constant is used in pass 1. MD5 uses 64 32-bit constants.

  31. MD5 Message Padding

  32. Overview of MD5 Message Digest Computation

  33. Each stage starts with a 16-word message block and a 4-word message digest value. message called : message digest : The message digest initialized to : Equivalent to the octet string

  34. MD5 Message Digest Pass 1 • A function F(x,y,z) is defined as (x⋀y) ⋁(∼x⋀z). This function is sometimes known as the selection function. • A separate step is done for each of the 16 words of the message. For each I from 0 through 15.

  35. MD5 Message Digest Pass 2

  36. MD5 Message Digest Pass 3

  37. MD5 Message Digest Pass 4

  38. SHA-1 • SHA-1 (secure hash algorithm) was proposed by NIST as a message digest function, and takes a message of length at most 2^64 bits and produces a 160-bit output. • Message padding • SHA-1 pads messages in the same manner as MD4 and MD5, except that SHA-1 is not defined for a message that is longer than 2^64 bits.

  39. SHA-1 message padding

  40. Overview of SHA-1 Message Digest Computation