1 / 23

Information Security and Management 11. Cryptographic Hash Functions

Information Security and Management 11. Cryptographic Hash Functions. Chih-Hung Wang Fall 2011. Hash Function. Definition A hash function accepts a variable-size message M as input and produces a fixed-size hash code H(M) Sometime called a message digest Hash Algorithm MD5

bettyrsmith
Download Presentation

Information Security and Management 11. Cryptographic Hash Functions

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Information Security and Management11. Cryptographic Hash Functions Chih-Hung Wang Fall 2011

  2. Hash Function • Definition • A hash function accepts a variable-size message M as input and produces a fixed-size hash code H(M) • Sometime called a message digest • Hash Algorithm • MD5 • RFC 1321 developed by Ron Rivist at MIT • Secure Hash Algorithm (SHA) • FIPS PUB 180 in 1993 (NIST) 180-1 in 1995 • FISP: Federal Information Processing Standard

  3. PlaintextM Message Digest Hash value H(M) Hash Function

  4. Requirements of Hash • H can be applied to a block of data of any size • H produces a fixed-length output • H(x) is relatively easy to compute for any given x, making both hardware and software implementations practical • For any given code h, it is computationally infeasible to find x such that H(x)=h. This is sometimes referred to in the literature as the one-way property • For any given block x, it is computationally infeasible to find yx with H(y)=H(x). This is sometimes referred to as weak collision resistance • It is computationally infeasible to find any pair (x,y) such that H(x)=H(y). This is sometimes referred to as strong collision resistance.

  5. m1 H(m1) It is difficult to find m1 and m2 (m1 m2) such that H(m1)=H(m2) m2 H(m2) Requirements of Hash

  6. Basic Use of Hash (A)

  7. Basic Use of Hash (B)

  8. Basic Use of Hash (C)

  9. Security of Hash Functions • For a code of length n • One-way: 2n • Weak collision resistance: 2n • Strong collision resistance: 2n/2

  10. The Famous Hash Functions • MD5 • SHA

  11. SHA-1 Logic • Append padding bits: pad message so its length is 448 mod 512 • Append length: append a 64-bit length value to message • Initialize MD buffer: initialise 5-word (160-bit) buffer (A,B,C,D,E) to (67452301,efcdab89,98badcfe,10325476,c3d2e1f0) • Process message in 512-bit (16-word) blocks: • expand 16 words into 80 words by mixing & shifting • use 4 rounds of 20 bit operations on message block & buffer • add output to input to form new buffer value • Output: output hash value is the final buffer value

  12. SHA-1 Compression Function • Each round has 20 steps which replaces the 5 buffer words thus: (A,B,C,D,E) <-(E+f(t,B,C,D)+S5(A)+Wt+Kt),A,S30(B),C,D) • A,B,C,D,E refer to the 5 words of the buffer • t is the step number, 0 t 79 • f(t,B,C,D) is nonlinear function for round • Wt is derived from the message block • Kt is an additive constant value • Sk is circular left shift by k bits

  13. SHA-1 Compression Function

  14. SHA-1 Compression Function

  15. Function Summarized

  16. 80-word Input Sequence • Wt=S1(Wt-16Wt-14 Wt-8 Wt-3)

  17. SHA 512

  18. SHA 512(a single 1024-bit block)

  19. SHA 512 (Elementary operation)

  20. SHA 512 (Creation of 80-word input sequence)

  21. Comparison of SHA-1 and MD5 • Brute force attack for SHA-1 is harder (160 vs 128 bits for MD5) • SHA-1 is not vulnerable to any known attacks (compared to MD4/5) ?? • (Speed) SHA-1 is a little slower than MD5 (80 vs 64 steps) • Both designed is simple and compact • SHA-1 uses big endian scheme (MD5 uses little endian scheme)

  22. Revised Secure Hash Standard • NIST have issued a revision FIPS 180-2 and adds 3 additional hash algorithms: SHA-256, SHA-384, SHA-512. • Designed for compatibility with increased security provided by the AES cipher • Structure & detail are similar to SHA-1 and hence analysis should be similar.

  23. Comparison of SHA Properties

More Related