Information and Computer Security CPIS 312 Lab 9 MAC & HASH FUNCTION TRIGUI Mohamed Salim

Lab Objectives To know what hashing is for Practice how to implement MD cipher

What is a Hash Function Cryptographic hash function is another type of cryptographic algorithm. A (one-way) hash function takes variable length input and produces a fixed length output called hash value. Also known as “message digest” or digest. The hash function ensures that if the information has changed, an entirely different output value will be produced.

What is a Hash Function Hash Function maps any message of any length, to an element in a different set. 2 different messages could map to the same value Uses of hash functions are with digital signatures and for data integrity.

Common hash algorithms

Technical Definition of MDAs Message Message digest algorithms take a message of arbitrary size and create a digest of fixed size. The algorithm takes the message and splits it into blocks of equal length (the block size of the algorithm) The last block is padded, with a total message length attached Each block is sent through the function in order. After all blocks are processed, the fixed digest value is retrieved <264 … Block 0 Block 1 Block 2 Block n H(x) In practice, the algorithm has some practical limit on the message size (SHA is limited to 2^64 bits) We are all familiar with Hash Tables from data structures? Or a Hash Map? Digest Value

Message authentication code MAC MAC is an algorithm that requires the use of a secret key. MAC takes a variable-length message and a secret key as input and produces an authentication code. Typically, MAC are used between two parties, say Alice and Bob, that share a secret key K in order to validate information transmitted between these parties. When Alice has a message to send to Bob, she calculates the MAC as a function of the message and the key: MAC = C(K, M) where M=input message, C=MAC function, K=shared secret key.

Message authentication code MAC

Technical Definition of SHA-1 Standardized secure hash function that uses an input message and secret to compute a message authentication Code (MAC). Algorithm characteristics: nonreversible, collision resistant, avalanche effect (slight change in the input will cause a significant change in the MAC output. Highly secure and easy to implement In practice, the algorithm has some practical limit on the message size (SHA is limited to 2^64 bits) We are all familiar with Hash Tables from data structures? Or a Hash Map?

Message authentication code MAC Alice sends to Bob a document as well as a MAC. Bob can authenticate who sent the document by performing the same MAC on the document and comparing his MAC to the one that Alice sent. If they match, he knows that Alice sent the document. diamond icon represents a comparison process

MAC in JAVA Java Package: javax.crypto Java Class : Mac Methods: getInstance(), init(), update(), doFinal(). Algorithms: HMAC (Hashed MAC)

MD in JAVA Java package: java.security Java class: MessageDigest Methods: getInstance(), reset(), update(), digest(). Algorithms: MD5, SHA, SHA-1

MD in JAVA MessageDigest Class: A MessageDigest object starts out initialized. The data is processed through it using the update methods. Once all the data to be updated has been updated, one of the digest methods should be called once to complete the hash computation. After digest has been called, the MessageDigest object is reset to its initialized state. Ex: MessageDigest test = MessageDigest.getInstance("SHA-1"); test.update(data1); // data1 is a byte array that holds the original massage byte[] msgDigest = test.digest(); test.reset(); test.update(data2); ....

MD in JAVA Alternative classes for computing a message digest on a file: DigestInputStream and DigestOutputStream Java pakage: java.security DigestInputStream class: To complete the message digest computation, call one of read methods. Then call one of the digest methods on the associated message digest . int read(): Reads a byte, and updates the message digest and then return an integer value of the byte that it read. Ex: FileInputStream in = new FileInputStream("MD.txt"); MessageDigest md = MessageDigest.getInstance("MD5"); DigestInputStream digestIn = new DigestInputStream(in, md);

MD in JAVA Ex: Java pakage: java.security DigestOutputStream To complete the message digest computation, call one of the digest methods on the associated message digest after that call one of the write methods. void write(byte[] b) : Updates the message digest using the specified array, and in any case writes the array to the output stream. Ex: MessageDigest md = MessageDigest.getInstance("MD5"); FileOutputStream out = new FileOutputStream("MDout.txt"); DigestOutputStream dout = new DigestOutputStream(out, md);