One-way Encryption

A cipher designed only to encrypt, not decrypt. One-way encryption is useful for storing passwords, among other things.

plaintext → encryption algorithm → ciphertext

This slide is a reminder from the Classic Crypto lecture. Actually, a hash is a special kind of one-way encryption. (It uses no key and has a fixed length, 128 to 512 bits.) A hash must be as random as possible and be "collision resistant".

Properties
• Encryption produces a unique value for each different plaintext value (collision free).
• There cannot be a decryption algorithm (one-way).
• Both keyed and non-keyed algorithms exist.

Non-keyed One-way Ciphers

MD5
• Created by Ron Rivest (MIT) - 1992
• 128-bit digest

SHA family
• SHA-1 created by NSA - 1995
• 160-bit digest for SHA-1
• Variants with larger digests: SHA-256, SHA-384, SHA-512

MD5 (128-bit key) is beginning to be suspect. SHA-1 (160-bit key) is next. NSA is considering SHA-256 and SHA-512 as standards. There isn't much research on hashing, and no other hashes have stood the test of time.

Note: In 2004 three cryptographers (Eli Biham, Rafi Chen, and Antoine Joux) discovered potential collisions in SHA-0 (and possibly SHA-1).

How To Use for Passwords?

User Selects New Password
password → encryption algorithm → digest → store in password file

User Enters Password (in response to challenge)
password → encryption algorithm → digest → compared to digest from password file

...in Java

Four Steps
1) Instantiate a java.security.MessageDigest object. (This is done by calling a static method named getInstance.)
2) Fill a byte array from the plaintext to be hashed.
3) Call update on the object, passing the byte array.
4) Call digest to retrieve the hash value (as a byte array).

    import java.security.MessageDigest;

    // Step 1: obtain a digest object for the chosen algorithm.
    MessageDigest md = MessageDigest.getInstance("MD5");
    // Step 2: someMethodToReturnPlaintext() stands for whatever supplies the input bytes.
    byte[] buffer = someMethodToReturnPlaintext();
    // Step 3. Note: This can be called as many times as necessary.
    md.update(buffer);
    // Step 4: retrieve the hash value.
    byte[] digest = md.digest();
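
The password flow from the "How To Use for Passwords?" slide, written with the four MessageDigest steps above, as an added example that is not part of the original slides. The class name, the in-memory map standing in for the password file, and the sample users and passwords are assumptions made for illustration; SHA-256 is used instead of MD5 because the slides call MD5 suspect.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Map;

public class PasswordDigestDemo {
    // Hypothetical in-memory stand-in for the password file: user -> stored digest.
    private static final Map<String, byte[]> PASSWORD_FILE = new HashMap<>();

    // The four steps from the slide: getInstance, fill buffer, update, digest.
    static byte[] hash(String password) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        byte[] buffer = password.getBytes(StandardCharsets.UTF_8);
        md.update(buffer);
        return md.digest();
    }

    // "User selects new password": only the digest is stored, never the password.
    static void enroll(String user, String password) throws NoSuchAlgorithmException {
        PASSWORD_FILE.put(user, hash(password));
    }

    // "User enters password": digest the attempt and compare it to the stored digest.
    static boolean verify(String user, String attempt) throws NoSuchAlgorithmException {
        byte[] stored = PASSWORD_FILE.get(user);
        byte[] candidate = hash(attempt); // computed even when the user is unknown
        // MessageDigest.isEqual does not stop at the first differing byte,
        // so the comparison time does not reveal how much of the digest matched.
        return stored != null && MessageDigest.isEqual(stored, candidate);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        enroll("alice", "correct horse"); // constructed sample credentials
        System.out.println("right password: " + verify("alice", "correct horse"));
        System.out.println("wrong password: " + verify("alice", "wrong guess"));
        System.out.println("unknown user:   " + verify("bob", "anything"));

        // update can be called repeatedly: feeding the input in pieces
        // yields the same digest as a single call with the whole input.
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update("correct ".getBytes(StandardCharsets.UTF_8));
        md.update("horse".getBytes(StandardCharsets.UTF_8));
        System.out.println("chunked equals whole: "
                + MessageDigest.isEqual(md.digest(), hash("correct horse")));
    }
}
```

The scheme on the slide stores a bare, unsalted digest; deployed systems add a per-user salt and use a deliberately slow function such as PBKDF2, bcrypt, scrypt or Argon2.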