Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Hashes and Message Digests. 2 Hash Also known as –Message digest –One-way function Function: input message -> output One-way: d=h(m), but not h’(d)

Published byThomasina Hunter Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Hashes and Message Digests. 2 Hash Also known as –Message digest –One-way function Function: input message -> output One-way: d=h(m), but not h’(d)"— Presentation transcript:

1 1 Hashes and Message Digests

2 2 Hash Also known as –Message digest –One-way function Function: input message -> output One-way: d=h(m), but not h’(d) = m –Computationally infeasible find the message given the digest Cannot find m 1 and m 2, where d 1 = d 2 Randomness: –Any bit in the output ‘1’ half the time –Each output: 50% ‘1’ bits Message of arbitrary length Hash h A fixed-length short message

3 3 Birthday Paradox What is the minimum value of n such that the probability is greater than 0.5 that at least two people in a group of n people have the same birthday? –Ignore Feb. 29 and assume each birthday is equally likely Probability of n people having n different birthdays: Probability that at least two people have the same birthdays: –1 - n is about 23

4 4 Generalization of Birthday Problem Compute probability of different birthdays Random samples of n people (birthdays) taken from d (365) days What is the minimum value of n such that the probability is greater than 0.5 that there is at least one duplicate? –P(n, d) = 1 – For large n and d, we have –n = 1.2 * d 1/2 Implication – We expect to obtain the same output after about 1.2 * d 1/2 trials http://www.rsasecurity.com/rsalabs/node.asp?id=2205

5 5 How many bits for hash? m bits, takes 2 m/2 to find two with the same hash 64 bits, takes 2 32 messages to search (doable) Need at least 128 bits Example use –Fingerprint a program/document: attackers cannot find a different program with the same message digest

6 6 Hash used for Authentication Alice and Bob share a secret K AB AliceBob MD(K AB |r A ) rArA rBrB MD(K AB |r B )

7 7 Computing a MAC with a HASH Cannot just compute MD(m) –Anyone can compute MD(m) MAC: MD(K AB |m) –Allows concatenation with additional message: MD(K AB |m|m’) MD through chunk n depends on MD through chunks n-1 and the data in chunk n 512-bit blocks, append (message length, pad) How to solve? –Put secret at the end of message : MD(m| K AB ) –Use only half the bits of the message digest as the MAC –Concatenate the secret to both the front and the back of the message

8 8 Encryption with a Message Digest One-time pad: –compute bit streams using MD, K, and IV b 1 =MD(K AB |IV), b i =MD(K AB |b i-1 ), … –  with message blocks Mixing in the plaintext –similar to cipher feedback mode (CFB) b 1 =MD(K AB |IV), c 1 = p 1  b 1 b 2 =MD(K AB | c 1 ), c 2 = p 2  b 2 ….

9 9 Modern Hash Functions MD5 –Previous versions (MD2, MD4) have weaknesses SHA-1 –Secure Hash Algorithms

10 10 MD2 128-bit message digest –Arbitrary number of octets –Message is padded to be a multiple of 16 octets –Append MD2 checksum (16 octets) (a strange function of the padded message) to the end –Process the whole message 16 octets at a time Each intermediate value depends on –Previous intermediate value –The value of the 16 octets of the message being processed

11 11 MD2 Padding

12 12 MD2 Checksum

13 13 MD2  Substitution Table

14 14 MD2 Checksum One byte at a time, k  16 steps m nk : byte nk of message c n =  (m nk  c n-1 )  c n  : 0  41, 1  46, … –Substitution on 0-255 (value of the byte)

15 15 MD2 Final Pass

16 16 MD2 Final Pass Operate on 16-byte chunks 48-byte quantity q: –(current digest|chunk|digest  chunk) 18 passes of massaging over q, and one byte at a time: –c n =  (c n-1 )  c n for n = 0, … 47; c -1 = 0 for pass 0; c -1 = (c 47 + pass #) mod 256 After pass 17, use first 16 bytes as new digest –16  8 = 128

17 17 Overview of MD4, MD5, and SHA-1 MD of MD4/MD5: 128 bit, MD of SHA-1: 160-bit

18 18 Padding for MD4, MD5, and SHA-1

19 19 MD5 Process As many stages as the number of 512-bit blocks in the final padded message Digest: 4 32-bit words: MD=d 0 |d 1 |d 2 |d 3 Every message block contains 16 32-bit words: m 0 |m 1 |m 2 …|m 15 –Digest MD 0 initialized to: d 0 =67452301,d 1 =efcdab89,d 2 =98badcfe, d 3 =10325476 –Every stage consists of 4 passes over the message block, each modifying MD operations

20 20 Constants of MD5 T i =  2 32  sin i 

21 21 MD5 Message Digest Pass 1 For each integer i from 0 through 15 (i)

22 22 MD5 Message Digest Pass 2 For each integer i from 0 through 15

23 23 MD5 Message Digest Pass 3 For each integer i from 0 through 15

24 24 MD5 Message Digest Pass 4 For each integer i from 0 through 15

25 25 SHA-1 Developed by NIST SHA is specified as the hash algorithm in the Digital Signature Standard (DSS), NIST Take a message of length at most 2 64 bits and produces a 160-bit output. SHA design is similar to MD5, but a lot stronger Make five passes over each block of data

26 26 SHA-1 cont’d Step 1: Message Padding – same as MD5 Step 2: Initialize MD buffer 5 32-bit words A|B|C|D|E A = 67452301 B = efcdab89 C = 98badcfe D = 10325476 E = c3d2e1f0

27 27 SHA-1 operation on a 512-bit Block Step 3: the 80-step processing of 512-bit blocks – 4 rounds, 20 steps each. Each step t (0 <= t <= 79): –Input: W t – a 32-bit word from the message K t – a constant. ABCDE: current MD. –Output: ABCDE: new MD Only 4 per-round distinctive additive constants 0 <=t<= 19 K t = 5A827999 20<=t<=39 K t = 6ED9EBA1 40<=t<=59 K t = 8F1BBCDC 60<=t<=79 K t = CA62C1D6 Only 3 different functions RoundFunction f t (B,C,D) 0 <=t<= 19(B  C)  (~B  D) 20<=t<=39 B  C  D 40<=t<=59 (B  C)  (B  D)  (C  D) 60<=t<=79 B  C  D

28 28 SHA-1 cont’d Inner Loop of SHA-1 – 80 Iterations per Block

29 29 HMAC

Download ppt "1 Hashes and Message Digests. 2 Hash Also known as –Message digest –One-way function Function: input message -> output One-way: d=h(m), but not h’(d)"

Similar presentations

Hashes and Message Digests

Hashes and Message Digests
Lecture 5: Cryptographic Hashes

Lecture 5: Cryptographic Hashes
Lecture 7 Overview. Advanced Encryption Standard 10, 12, 14 rounds for 128, 192, 256 bit keys – Regular Rounds (9, 11, 13) – Final Round is different.

Lecture 7 Overview. Advanced Encryption Standard 10, 12, 14 rounds for 128, 192, 256 bit keys – Regular Rounds (9, 11, 13) – Final Round is different.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Cryptographic Hash Functions Rocky K. C. Chang, February 2013 1.

Cryptographic Hash Functions Rocky K. C. Chang, February
Outline Project 1 Hash functions and its application on security Modern cryptographic hash functions and message digest –MD5 –SHA.

Outline Project 1 Hash functions and its application on security Modern cryptographic hash functions and message digest –MD5 –SHA.
 Stream ciphers o Encrypt chars/bits one at a time o Assume XOR w the key, need long key to be secure  Keystream generators (pseudo-random key) o Synchronous.

 Stream ciphers o Encrypt chars/bits one at a time o Assume XOR w the key, need long key to be secure  Keystream generators (pseudo-random key) o Synchronous.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
PIITMadhumita Chatterjee Security 1 Hashes and Message Digests.

PIITMadhumita Chatterjee Security 1 Hashes and Message Digests.
1 Chapter 5 Hashes and Message Digests Instructor: 孫宏民 Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.

1 Chapter 5 Hashes and Message Digests Instructor: 孫宏民 Room: EECS 6402, Tel: , Fax :
Announcements: 1. HW7 due next Tuesday. 2. Inauguration today! Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman,

Announcements: 1. HW7 due next Tuesday. 2. Inauguration today! Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman,
Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.

Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.
Announcements:Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions and SHA-1 Hash Functions.

Announcements:Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions and SHA-1 Hash Functions.
Hashes and Message Digest Hash is also called message digest One-way function: d=h(m) but no h’(d)=m –Cannot find the message given a digest Cannot find.

Hashes and Message Digest Hash is also called message digest One-way function: d=h(m) but no h’(d)=m –Cannot find the message given a digest Cannot find.
Cryptography and Network Security Hash Algorithms.

Cryptography and Network Security Hash Algorithms.
Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.

Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.
Information Security and Management 11

Information Security and Management 11
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
1 Pertemuan 09 Hash and Message Digest Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 09 Hash and Message Digest Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.

CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.

Similar presentations

Ads by Google