E-Commerce, abbreviation for electronic commerce, usually defined as the
conduct of business online, via the Internet. Until recently, e-commerce was limited
mainly to large companies and their suppliers, who connected their computers
together to speed up ordering and payment systems. Today, millions of people are
involved in e-commerce on the Internet—when, for example, they visit World Wide
Web sites to buy books or CDs, order flowers or pizzas, or check their bank
In the narrow definition of e-commerce, the term covers the buying and selling of
goods and services using computer communications. This might be done via a
messaging system such as electronic mail (see Office Systems), via the World Wide
Web, or by direct computer-to-computer communications. Direct communications
may use a standard form of electronic data interchange (EDI) such as Edifact (EDI
For Administration, Commerce, and Trade).
Successful e-commerce ultimately leads to some form of payment, and ideally this
will involve "electronic funds transfer" (EFT): in other words, the payment will be
made via an electronic message, not in a physical form such as cash or a cheque.
So-called smart cards and stored value cards (credit cards that contain a
microchip, telephone cards, and so on) should therefore be considered part of e-
commerce. The communications element may not always be obvious, but
somewhere in the background, computer accounts are usually being credited and
The broadest definitions of e-commerce may also include other electronic forms of
doing business, such as fax, Telex (see Telegraph), video conferencing, and even
telephone calls. Usually these are not e-commerce, but they could be regarded as
such, depending on how they are used.
Companies invest in e-commerce systems to eliminate human input: orders and
payments are made by machines rather than by people. This has several
advantages. It cuts the cost of each transaction; speeds it up; and also makes it
more convenient, because transactions can be performed at any hour of the day or
night, often regardless of location.
The key question, then, in describing a transaction as an example of e-commerce
is not which communications system is used, but whether or not the transaction
has been automated. With a telephone-based bank account, for example, a user
may wish to make a payment via the telephone. If a human assistant takes the
instruction and types it into the bank's computer, that cannot be described as e-
commerce. However, if the call is answered by a speech recognition system
(software running on a computer), which verifies the user’s identity and makes the
payment without human involvement, that is e-commerce. Much e-commerce may
soon be performed using a mixture of voice recognition and text messaging from
mobile telephones (see Cellular Radio).
Electronic Funds Transfer
Electronic Funds Transfer (EFT), method of transferring funds automatically from one bank or other
financial account to another by electronic means. One example is electronic funds transfer at point of sale
(EFTPOS), which provides for the automatic transfer of money from buyer to seller at the time of a sale. A
customer inserts a card into a point-of-sale computer terminal in a supermarket, for example.
Telecommunications links are then used to make an automatic debit from the customer's bank account to
pay the bill.
Router, in computer communications, a specialized device used to interconnect
different types of computer network. A router can be used to connect a Local Area
Network (LAN) to another LAN, a Wide Area Network (WAN) to another WAN, or a
LAN to the Internet. Routers transmit data packets through these networks and
may determine the best path of transmission, based on a number of factors,
including traffic load, line speed, and costs. Routers work at the network layer—
layer 3 of the ISO (International Organization for Standardization) “seven-layer
model”. See also Data Communications: Protocols.
Cookie, in computer science, a small text file created by individual Web site servers
and sent to an Internet user’s browser where it is stored on the user’s hard-disk
drive. One of the main purposes of cookies is to identify users and prepare
personalized Web pages for them on future visits to previously viewed pages,
increasing the speed and efficiency of Internet navigation. Cookies can be used to
determine the number of visitors to specific Web sites by assigning a unique
identification code to each Internet user on their first visit to a specific site. Each
time the user returns to that site, the stored cookie transmits a message to the
Web site server, which can then be used to track the number of returning visitors.
Cookies also enable Web sites to assess the effectiveness of online advertising.
They cannot be used to spread viruses and are not able to access the user’s hard
drive. Cookies are not programs, but text-only strings that can be deleted at any
Uniform Resource Locator
Uniform Resource Locator (URL), method of naming documents or places on the
Internet, used most frequently on the World Wide Web (WWW). A URL is a string of
characters that identifies the type of document, the computer the document is on,
the directories and subdirectories the document is in, and the name of the
For example, the URL of the Web page (a document on the WWW) for the United
Kingdom’s “open government” initiative is
http://www.open.gov.uk/services/standards.htm. The part of the URL before the
colon represents the scheme, or format used to retrieve the document; http means
the document is on the WWW. If, instead of http, that part of the URL was ftp, it
would mean that that document could be accessed through File Transfer
Protocol (FTP), a format that allows a user to list files on, retrieve files from, and add
files to another computer on the Internet. Some other schemes are gopher, which
indicates the document is on a Gopher system, a menu-driven document delivery
system for retrieving information from the Internet; news, which means the
document occurs on a Usenet newsgroup, a forum in which users can post and
respond to messages; and telnet, which indicates Telnet, an access method in
which the user logs on to a remote computer.
The next part of the URL, www.open.gov.uk, is called the hostname and represents
the computer on which the document can be found. The .gov.uk extension
identifies the computer as belonging to the United Kingdom government. Some
other common extensions are .com (commercial—also .co.uk in the United
Kingdom; .co.fr in France, etc.), .ac and .edu (academic and education respectively
—usually a college or university).
After the computer and host names comes the path, or chain of directories, on
which the document is found; in this case, the only directory is services. The last
item to be listed is the document name—in this case, standards.htm.
URLs are case-sensitive, which means that uppercase and lowercase letters are
considered different letters, so a user has to enter a URL with all letters in the
correct case. URLs on the WWW are accessed with browsers, or computer
programs that can connect to the Internet and display Web pages.
Internet, a collection of computer networks that operate to common standards
and enable the computers and the programs they run to communicate directly.
There are many small-scale, controlled-access “enterprise internets”, but the
term is usually applied to the global, publicly accessible network, called simply the
Internet or Net. By the end of 2002, more than 100,000 networks and around 120
million users were connected via the Internet.
Internet connection is usually accomplished using international standards
collectively called TCP/IP (Transmission Control Protocol/Internet Protocol), which
are issued by an organization called the Internet Engineering Task Force, combined
with a network registration process, and with the aid of public providers of Internet
access services, known as Internet Service Providers or ISPs.
Each connected computer—called an Internet host—is provided with a unique
Internet Protocol (IP) address—188.8.131.52, for example. For obvious reasons,
the IP address has become known as the “dot address” of a computer. Although
very simple and effective for network operation, dot addresses are not very user-
friendly. Hence the introduction of the Domain Name System (DNS) that allows for
the assignment of meaningful or memorable names to numbers. DNS allows
Internet hosts to be organized around domain names: for example,
“microsoft.com” is a domain assigned to the Microsoft Corporation, with the suffix
“com” signifying a commercial organization. “ftp.microsoft.com” is an Internet
host within that domain. Each part of the domain still has an IP or dot address,
which is used by the network elements to deliver information. From a user point of
view, though, the IP address is translated (or “resolved”) by DNS into the now
The suffix .com is called a generic top-level domain name, and before 2001 there
were just three of these (.com, .net, and .org), with .edu and .gov restricted to
educational institutions and government agencies respectively. As a result of the
rapid growth in Internet use, seven new top-level domain names have been
prepared for use, some by specific sectors (.aero, .coop, and .museum) and some
for general use (.biz, .info, .pro, and .name).
Internets are constructed using virtually any kind of electronic transmission
medium, such as optical-fibre or copper-wire telephone lines, or radio or
microwave channels. They can also connect almost any kind of computer or
operating system; and they are operated in such a way as to be “self-aware” of
The great scale and universality of the public Internet results in its use to connect
many other kinds of computer networks and services—including online information
and shopping services—via systems called gateways. As a result of all these
features, internets are an ideal means of building a very robust universal
information infrastructure throughout the world. The rapid growth of online shops,
information services, and electronic business applications is testament to the
inherent flexibility of the Net.
Internets support thousands of different kinds of operational and experimental
services. A few of the most popular include the following:
E-mail (electronic mail) allows a message to be sent from one person to another,
or to many others, via computer. Internet has its own e-mail standards that have
also become the means of interconnecting most of the world's e-mail systems.
Internet e-mail addresses usually have a form such as
“firstname.lastname@example.org”, where “editor” is the e-mail account name, and
“encarta.microsoft.com” is the domain identity of the computer hosting the
account. E-mail can also be used to create collaborative groups through the use of
special e-mail accounts called “reflectors” or “exploders” that automatically
redistribute mail sent to the address.
The World Wide Web allows the seamless creation and use of elegant point-and-
click hypermedia presentations, linked across the Internet in a way that creates a
vast open knowledge repository, through which users can easily browse.
Gopher is a system that allows the creation and use of directories of files held on
computers on the Internet, and builds links across the Internet in a manner that
allows users to browse through the files.
FTP (File Transfer Protocol) is a set of conventions allowing easy transfer of files
between host computers. This remains the biggest use of the Internet, especially
for software distribution, and many public distribution sites now exist.
Usenet allows automatic global distribution of news messages among thousands of
user groups, called newsgroups.
Telnet is the system that allows a user to “log in” to a remote computer, and
make use of it.
There are four ways to connect to the public Internet.
Host access is usually carried out via dial-up telephone lines and modems,
combined with internet software on a personal computer, and allows the computer
that is accessed to function fully as an internet host.
Network access is similar to host access, but is done via a leased line or an
“always-on” link such as Digital Subscriber Line (DSL) or Etherloop. In this case, all
the attached computers are made into internet hosts. See also Broadband;
Asymmetrical Digital Subscriber Lines.
Terminal access is usually carried out via dial-up telephone lines and modems
combined with terminal emulation software on a personal computer; it allows
interaction with another computer that is an internet host.
Gateway access is similar to terminal access, but is provided via on-line or similar
proprietary services that give the user the ability to exchange e-mail with the
The Internet technology was created by Vinton Cerf in early 1973 as part of a
project headed by Robert Kahn and conducted by the Advanced Research Projects
Agency, part of the United States Department of Defense. Thereafter, Cerf led
many efforts to build, scale, and standardize the Internet. In 1984 the technology
and the network were turned over to the private sector and to government
scientific agencies for further development. The growth has continued
exponentially. Service-provider companies that make “gateways” to the Internet
available to home and business users enter the market in ever-increasing numbers.
By early 2000, access was available in over 200 countries and encompassed
around 100 million users. The Internet and its technology continue to have a
profound effect in promoting the sharing of information, making possible rapid
transactions among businesses, and supporting global collaboration among
individuals and organizations. In 1999, 205 countries and territories in the world had
at least one connection to the Internet. The development of the World Wide Web is
fuelling the rapid introduction of new business tools and activities that may by then
have led to annual business transactions on the Internet worth hundreds of billions
of pounds. The potential of web-based commerce is immense. Techniques that
allow safe transactions over the Net (for payment and funds transfers), the
construction of faster, more secure networks and the development of efficient
search techniques make the Internet an ideal trading medium.
Future concerns are focused in a number of areas, including the efficiency of
search engines—even the most efficient of them cover less than a sixth of all
publicly available pages—as well as privacy, security, and Internet piracy. By its
very nature, the Internet does not cope well with traffic that requires a dedicated
link between two points (such as voice) as end-to-end delay cannot readily be
controlled. Several protocols that allow greater predictability are being developed
to guarantee an assured quality of service. The ability to integrate applications is of
increasing importance. Common data formats allow e-business applications to
cooperate and services such as Internet phones that are easy to install are being
refined and deployed.
In addition to these extra features, the core of the Internet—the network hardware
that connects everyone together—is undergoing an overhaul that will enable it to
cope with ever-increasing traffic loads. The “Internet 2” project has been under
way for several years now and is building faster links and bigger switches that will
power the Internet for years to come.
Intranet, any computer network that provides similar services to those provided by
the Internet, but which is not necessarily connected to the Internet.
The most common example of an Intranet is the use within an organization of one
or more World Wide Web computer servers on an internal network using the
Transmission Control Protocol/Internet Protocol (TCP/IP) for distribution of
information within the organization. The Web sites on an Intranet look and behave
as those on the Internet, but the firewall surrounding an Intranet prevents
unauthorized access from outside the host organization, maintaining computer
Since about 1995, Intranets have become a major growth area in corporate
computing, due to the availability of cheap or free commercial Web browser and
Web server software, allowing them to provide a simple, uniform user interface to
many kinds of information and application programs. If, as is most commonly the
case, the Intranet is contained within a Local Area Network (LAN), then fast LAN
speeds can be achieved over the Intranet. However, Intranets occasionally
comprise two or more remote locations connected via the Internet, in which case
the speed of the Internet is the limiting factor.
E-Mail (abbreviation for electronic mail), transmission of electronic messages
between computers via a network. Millions of e-mails are exchanged every day—
virtually every business relies on it and many people see it as their preferred
method of communication.
For all its ubiquity and importance e-mail is very simple and has humble roots. An e-
mail message is nothing more than a piece of text and the sending of a mail
message requires no more than the simple attachment of this text to a special file,
known as a mailbox.
The first e-mail message was sent in 1971 by an engineer named Ray Tomlinson,
one of the pioneers of the Internet. He showed how a messaging facility that could
be used by several users on a single computer could be extended so that it worked
between a number of computers. Tomlinson decided that the @ sign should be
used to designate the receiving machine, and so e-mail as we know it was born.
Practical e-mail systems have only a few, simple components. At the user end is a
piece of software known as an “e-mail client”; Microsoft Outlook, Eudora,
Pegasus, and Web-based clients such as the America Online Inc. (AOL) e-mail reader
are familiar examples. The client allows the user to create mail messages, to view
the contents of the mailbox, and to read incoming mail.
At the other end from the client is the e-mail server. This is a computer, typically
one provided by an Internet Service Provider, that is dialled up when messages are
sent and received. The server has a list of e-mail accounts, each of which has a
text file where all of the messages for that account are stored.
To send an e-mail, a message is created using the client and is sent to the server.
The server forwards the message to the computer that hosts the mailbox of the
intended recipient. To receive e-mail, the user simply logs on to the e-mail server,
which presents a set of message headers to the client. These headers provide
information as to who sent the message and when it was sent.
There are two protocols that govern how real e-mail systems work. The first is
SMTP (Simple Mail Transfer Protocol), which handles outgoing mail. The other is
POP3 (Post Office Protocol), which handles incoming mail, simply appending
incoming messages to a user’s file. SMTP “listens” for any attached clients who
want to send messages on the server’s well-known port number 25, while POP3
listens for messages addressed to one of its clients on port 110.
E-mail messages get from one server to another in exactly the same way that any
other information traverses the Internet. A program called “sendmail” is used to
queue outgoing messages so if a network link is broken, the message will be re-
sent until it gets through.
Despite the fact that e-mail only works for text, a variety of file types (for instance,
images, sounds, spreadsheets, and so on) can be attached. A program called
“uuencode” turns all attachments into text so that they can be transmitted across
a network. When the message (which could be some words plus an attachment
rendered into text by uuencode) is received, the client invokes “uudecode” to
restore the original.
What is E-Commerce
Electronic Commerce (EC) is the paperless exchange of business information using Electronic Data
Interchange (EDI) and related technologies. If you are familiar with Electronic Mail (E-Mail), computer
bulletin boards, facsimile machines (faxes), and Electronic Funds Transfer (EFT), you can readily
understand what e-commerce is. These are all forms of EC. All EC systems replace all or key parts of
paper-based work flow with faster, cheaper, more efficient, and more reliable communications between
machines. In today's Defense Department procurement arena, however, the most important EC technology to
know about is Electronic Data Interchange, or EDI.
Electronic Business, commonly referred to as "eBusiness" or "e-Business", may be defined as the
utilisation of information and communication technologies (ICT) in support of all the activities of business.
Commerce constitutes the exchange of products and services between businesses, groups and individuals
and hence can be seen as one of the essential activities of any business. Hence, electronic commerce or
eCommerce focuses on the use of ICT to enable the external activities and relationships of the business with
individuals, groups and other businesses.
Louis Gerstner, the former CEO of IBM, in his book, 'Who says Elephants can't dance' attributes the term
"e-Business" to IBM's marketing and Internet teams in 1996.
Electronic business methods enable companies to link their internal and external data processing systems
more efficiently and flexibly, to work more closely with suppliers and partners, and to better satisfy the
needs and expectations of their customers.
In practice, e-business is more than just e-commerce. While e-business refers to more strategic focus with an
emphasis on the functions that occur using electronic capabilities, e-commerce is a subset of an overall e-
business strategy. E-commerce seeks to add revenue streams using the World Wide Web or the Internet to
build and enhance relationships with clients and partners and to improve efficiency using the Empty Vessel
strategy. Often, e-commerce involves the application of knowledge management systems.
E-business involves business processes spanning the entire value chain: electronic purchasing and supply
chain management, processing orders electronically, handling customer service, and cooperating with
business partners. Special technical standards for e-business facilitate the exchange of data between
companies. E-business software solutions allow the integration of intra and inter firm business processes. E-
business can be conducted using the Web, the Internet, intranets, extranets, or some combination of these.
(Row´ter) (n.) A device that forwards data packets along networks. A router is connected to at least two
networks, commonly two LANs or WANs or a LAN and its ISP’s network. Routers are located at gateways,
the places where two or more networks connect.
Routers use headers and forwarding tables to determine the best path for forwarding the packets, and they
use protocols such as ICMP to communicate with each other and configure the best route between any two
Very little filtering of data is done through routers.
See also Webopedia's "Did You Know... Routers, Switches and Hubs: What's the Difference?"
A message given to a Web browser by a Web server. The browser stores the message in a text file. The
message is then sent back to the server each time the browser requests a page from the server.
Also see session cookie and persistent cookie.
The main purpose of cookies is to identify users and possibly prepare customized Web pages for them.
When you enter a Web site using cookies, you may be asked to fill out a form providing such information as
your name and interests. This information is packaged into a cookie and sent to your Web browser which
stores it for later use. The next time you go to the same Web site, your browser will send the cookie to the
Web server. The server can use this information to present you with custom Web pages. So, for example,
instead of seeing just a generic welcome page you might see a welcome page with your name on it.
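The round trip described above, as an added example that is not part of the original entry: a server hands a first-time browser an identification code, the browser stores it and sends it back on the next request, and the server recognises the returning visitor. The Server and Browser classes and the visitor_id cookie name are hypothetical; only Python's standard http.cookies and secrets modules are used.

```python
from http.cookies import SimpleCookie
import secrets


class Server:
    """Toy Web server that recognises returning visitors by cookie."""

    def __init__(self):
        self.visits = {}  # visitor id issued by this server -> requests seen

    def handle(self, cookie_header):
        """Process one request; return (page_text, set_cookie_header_or_None)."""
        received = SimpleCookie(cookie_header or "")
        morsel = received.get("visitor_id")
        # Only ids this server issued are trusted; anything else is a new visitor.
        if morsel is not None and morsel.value in self.visits:
            self.visits[morsel.value] += 1
            return f"Welcome back, visit {self.visits[morsel.value]}", None
        visitor_id = secrets.token_hex(16)  # unguessable identification code
        self.visits[visitor_id] = 1
        issued = SimpleCookie()
        issued["visitor_id"] = visitor_id
        issued["visitor_id"]["path"] = "/"
        return "Welcome, new visitor", issued["visitor_id"].OutputString()


class Browser:
    """Toy browser that stores cookies for a single site and replays them."""

    def __init__(self):
        self.jar = {}  # cookie name -> value

    def request(self, server):
        # Every request carries the stored cookies; HTTP itself keeps no state.
        header = "; ".join(f"{k}={v}" for k, v in self.jar.items()) or None
        page, set_cookie = server.handle(header)
        if set_cookie:
            for name, morsel in SimpleCookie(set_cookie).items():
                self.jar[name] = morsel.value
        return page


if __name__ == "__main__":
    site = Server()
    alice = Browser()
    print(alice.request(site))  # first visit: cookie is issued
    print(alice.request(site))  # second visit: cookie is sent back
    print(Browser().request(site))  # a different browser has no cookie yet
```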
The name cookie derives from UNIX objects called magic cookies. These are tokens that are attached to a
user or program and change depending on the areas entered by the user or program.
See What You Need to Know About Cookies in the Did You Know . . . ? section of Webopedia.
Also see Do Cookies Compromise Security? in the Did You Know . . . ? section of Webopedia.
Abbreviation of Uniform Resource Locator, the global address of documents and other resources on the
World Wide Web.
The first part of the address is called a protocol identifier and it indicates what protocol to use, and the
second part is called a resource name and it specifies the IP address or the domain name where the resource
is located. The protocol identifier and the resource name are separated by a colon and two forward slashes.
For example, the two URLs below point to two different files at the domain pcwebopedia.com. The first
specifies an executable file that should be fetched using the FTP protocol; the second specifies a Web page
that should be fetched using the HTTP protocol:
See "Countries and Their Domain Extensions" in the Quick Reference section of Webopedia.
See also "How Web Servers Work" in the "Did You Know...?" section of Webopedia.
(1) Short for Symmetric Multiprocessing, a computer architecture that provides fast performance by making
multiple CPUs available to complete
individual processes simultaneously (multiprocessing). Unlike asymmetrical processing, any idle processor
can be assigned any task, and additional CPUs can be added to improve performance and handle increased
loads. A variety of specialized operating systems and hardware arrangements are available to support SMP.
Specific applications can benefit from SMP if the code allows multithreading.
SMP uses a single operating system and shares common memory and disk input/output resources. Both
UNIX and Windows NT support SMP.
(2) Short for Simple Management Protocol, another name for SNMP2. SNMP2 is an enhanced version of
the Simple Network Management Protocol (SNMP) with features required to support larger networks
operating at high data transmission rates. SNMP2 also supports multiple network management workstations
organized in a hierarchical fashion.
- An intranet is a private network that is contained within an enterprise. It may consist of many interlinked
local area
networks and also use leased lines in the wide area network. Typically, an intranet includes connections
through one or more gateway computers to the outside Internet. The main purpose of an intranet is to share
company information and computing resources among employees. An intranet can also be used to facilitate
working in groups and for teleconferences.
An intranet uses TCP/IP, HTTP, and other Internet protocols and in general looks like a private version of
the Internet. With tunneling, companies can send private messages through the public network, using the
public network with special encryption/decryption and other security safeguards to connect one part of their
intranet to another.
Typically, larger enterprises allow users within their intranet to access the public Internet through firewall
servers that have the ability to screen messages in both directions so that company security is maintained.
When part of an intranet is made accessible to customers, partners, suppliers, or others outside the company,
that part becomes part of an extranet.
- An extranet is a private network that uses Internet technology and the public telecommunication system to
securely
share part of a business's information or operations with suppliers, vendors, partners, customers, or other
businesses. An extranet can be viewed as part of a company's intranet that is extended to users outside the
company. It has also been described as a "state of mind" in which the Internet is perceived as a way to do
business with other companies as well as to sell products to customers.
An extranet requires security and privacy. These can include firewall server management, the issuance and
use of digital certificates or similar means of user authentication, encryption of messages, and the use of
virtual private networks (VPNs) that tunnel through the public network.
Companies can use an extranet to:
• Exchange large volumes of data using Electronic Data Interchange (EDI)
• Share product catalogs exclusively with wholesalers or those "in the trade"
• Collaborate with other companies on joint development efforts
• Jointly develop and use training programs with other companies
• Provide or access services provided by one company to a group of other companies, such as an
online banking application managed by one company on behalf of affiliated banks
• Share news of common interest exclusively with partner companies
- The Internet, sometimes called simply "the Net," is a worldwide system of computer networks - a network of
networks in
which users at any one computer can, if they have permission, get information from any other computer
(and sometimes talk directly to users at other computers). It was conceived by the Advanced Research
Projects Agency (ARPA) of the U.S. government in 1969 and was first known as the ARPANET. The
original aim was to create a network that would allow users of a research computer at one university to be
able to "talk to" research computers at other universities. A side benefit of ARPANet's design was that,
because messages could be routed or rerouted in more than one direction, the network could continue to
function even if parts of it were destroyed in the event of a military attack or other disaster.
Today, the Internet is a public, cooperative, and self-sustaining facility accessible to hundreds of millions of
people worldwide. Physically, the Internet uses a portion of the total resources of the currently existing
public telecommunication networks. Technically, what distinguishes the Internet is its use of a set of
protocols called TCP/IP (for Transmission Control Protocol/Internet Protocol). Two recent adaptations of
Internet technology, the intranet and the extranet, also make use of the TCP/IP protocol.
For many Internet users, electronic mail (e-mail) has practically replaced the Postal Service for short written
transactions. Electronic mail is the most widely used application on the Net. You can also carry on live
"conversations" with other computer users, using Internet Relay Chat (IRC). More recently, Internet
telephony hardware and software allows real-time voice conversations.
The most widely used part of the Internet is the World Wide Web (often abbreviated "WWW" or called "the
Web"). Its outstanding feature is hypertext, a method of instant cross-referencing. In most Web sites, certain
words or phrases appear in text of a different color than the rest; often this text is also underlined. When you
select one of these words or phrases, you will be transferred to the site or page that is relevant to this word
or phrase. Sometimes there are buttons, images, or portions of images that are "clickable." If you move the
pointer over a spot on a Web site and the pointer changes into a hand, this indicates that you can click and
be transferred to another site.
Using the Web, you have access to millions of pages of information. Web browsing is done with a Web
browser, the most popular of which are Microsoft Internet Explorer and Netscape Navigator. The
appearance of a particular Web site may vary slightly depending on the browser you use. Also, later
versions of a particular browser are able to render more "bells and whistles" such as animation, virtual
reality, sound, and music files, than earlier versions.
Short for HyperText Transfer Protocol, the underlying protocol used by the World Wide Web. HTTP defines how
messages are formatted and
transmitted, and what actions Web servers and browsers should take in response to various commands. For
example, when you enter a URL in your browser, this actually sends an HTTP command to the Web server
directing it to fetch and transmit the requested Web page.
The other main standard that controls how the World Wide Web works is HTML, which covers how Web
pages are formatted and displayed.
HTTP is called a stateless protocol because each command is executed independently, without any
knowledge of the commands that came before it. This is the main reason that it is difficult to implement
Web sites that react intelligently to user input. This shortcoming of HTTP is being addressed in a number of
A hash function is a form of encryption that takes some plaintext input and
transforms it into a fixed-length encrypted output called the message digest. The
digest is a fixed-size set of bits that serves as a unique "digital fingerprint" for the
original message. If the original message is altered and hashed again, it will produce
a different signature. Thus, hash functions can be used to detect altered and forged
documents. They provide message integrity, assuring recipients that the contents of a
message have not been altered or corrupted.
Hash functions are one-way, meaning that it is easy to compute the message digest
but very difficult to revert the message digest back to the original plaintext (e.g.,
imagine trying to put a smashed pumpkin back to exactly the way it was). Hash
function features are listed here:
• It should be impossible for two different messages to ever
produce the same message digest. Changing a single digit in one message will
produce an entirely different message digest.
• It should be impossible to produce a message that has some desired or
predefined output (target message digest).
• It should be impossible to reverse the results of a hash function. This
holds because a message digest could have been produced by an almost
infinite number of messages.
• The hash algorithm itself does not need to be kept secret. It is made available
to the public. Its security comes from its ability to produce one-way hashes.
• The resulting message digest is a fixed size. A hash of a short message will
produce the same size digest as a hash of a full set of encyclopedias.
Hash functions may be used with or without a key. If a key is used, both symmetric
(single secret key) and asymmetric keys (public/private key pairs) may be used. The
two primary algorithms are listed next and the RFCs listed later provide more
information on the protocols.
• MD-5 A hash function designed by Ron Rivest, one of the inventors of the
RSA public-key encryption scheme. The MD-5 algorithm produces a 128-bit
output. Note that MD-5 is now known to have some weaknesses and should be
avoided if possible. SHA-1 is generally recommended. This is discussed later.
• SHA-1 (Secure Hash Algorithm-1) SHA-1 is an MD-5-like algorithm that
was designed to be used with the Digital Signature Standard (DSS). The United
States agencies NIST (National Institute of Standards and Technology) and NSA
(National Security Agency) are responsible for SHA-1. The SHA-1 algorithm
produces a 160-bit MAC. This longer output is considered to be more secure
Keyed MD5 is a technique for using MD-5. Basically, a sender appends a randomly
generated key to the end of a message, and then hashes the message and key
combination to create a message digest. Next, the key is removed from the message
and encrypted with the sender's private key. The message, message digest, and
encrypted key are sent to the recipient, who opens the key with the sender's public
key (thus validating that the message is actually from the sender). The recipient then
appends the key to the message and runs the same hash as the sender. The message
digest should match the message digest sent with the message.
The result of a hash function that combines a message with a key is called a message
authentication code, or MAC. A MAC is a "fingerprint" or "message digest" of the input
in combination with a key available to parties in the message exchange.
Hash functions are used in authentication routines such as CHAP (Challenge
Handshake Authentication Protocol). Both the client and server share a secret: the
password used by the client, which has been previously exchanged but is never sent
over the wire. When the client establishes a link to the server, the server sends a
unique "challenge" value (sometimes called a nonce) to the client. The client
combines his or her password with the challenge and then runs them through the
hash function. The result is sent back to the server, which runs the same process and
compares its results with those received from the client. If they match, the client is
considered authentic. Note that the actual password is never sent, only a hash of the
challenge and password combination.
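The challenge-response exchange described above, as an added example that is not part of the original text. It assumes the RFC 1994 response format (MD5 over identifier, secret, then challenge); the names chap_response and Authenticator and the sample secret are hypothetical.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Client side: hash the identifier octet, the shared secret and the challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Server side: issues one-time challenges and checks the returned hash."""

    def __init__(self, secrets_by_name: dict):
        self.secrets = secrets_by_name   # name -> shared secret, exchanged beforehand
        self.pending = {}                # identifier -> outstanding challenge
        self.next_id = 0

    def new_challenge(self):
        ident = self.next_id
        self.next_id = (self.next_id + 1) % 256   # identifier is a single octet
        challenge = os.urandom(16)                # fresh, unpredictable nonce
        self.pending[ident] = challenge
        return ident, challenge

    def check(self, name: str, ident: int, response: bytes) -> bool:
        # pop() makes each challenge single-use, so a captured response
        # cannot be replayed against the same challenge later.
        challenge = self.pending.pop(ident, None)
        secret = self.secrets.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(ident, secret, challenge)
        return hmac.compare_digest(expected, response)  # constant-time compare


if __name__ == "__main__":
    password = b"constructed-secret"              # constructed sample value
    server = Authenticator({"alice": password})
    ident, challenge = server.new_challenge()     # server -> client
    response = chap_response(ident, password, challenge)  # client -> server
    print("first attempt:", server.check("alice", ident, response))
    print("replayed response:", server.check("alice", ident, response))
```

Only the identifier, the challenge and the 16-byte hash cross the wire; the secret stays on both ends, and the second check fails because the challenge has already been consumed.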
HMAC (Hashed Message Authentication Code) is a core protocol that is considered
essential for security on the Internet along with IPSec, according to RFC 2316 (Report
of the IAB, April 1998). It is not a hash function, but a mechanism for message
authentication that uses either MD5 or SHA-1 hash functions in combination with a
shared secret key (as opposed to a public/private key pair). Basically, a message is
combined with a key and run through the hash function. The result is then combined
with the key and run through the hash function again. This 128-bit result is truncated
to 96 bits and becomes the MAC.
According to RFC 2104 (HMAC: Keyed-Hashing for Message Authentication, February
1997), HMAC should be used in preference to older techniques, notably keyed hash
functions. Keyed hashes based on MD-5 are especially to be avoided, given the hints
of weakness in MD-5. HMAC is the preferred shared-secret authentication technique,
and it should be used with SHA-1. It can be used to authenticate any arbitrary
message and is suitable for logins.
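The two-pass keyed hashing and 96-bit truncation described above, written out by hand as an added example (not code from the original text). The inner and outer pad constants follow RFC 2104; the function names and the sample key and message are hypothetical.

```python
import hashlib
import hmac

IPAD, OPAD = 0x36, 0x5C  # padding bytes defined in RFC 2104


def hmac_manual(key: bytes, message: bytes, hash_name: str = "sha1") -> bytes:
    """HMAC as two nested hash passes: H((K^opad) || H((K^ipad) || message))."""
    block_size = hashlib.new(hash_name).block_size  # 64 bytes for MD5 and SHA-1
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()  # over-long keys are hashed first
    key = key.ljust(block_size, b"\x00")            # then zero-padded to one block
    inner = hashlib.new(hash_name, bytes(b ^ IPAD for b in key) + message).digest()
    return hashlib.new(hash_name, bytes(b ^ OPAD for b in key) + inner).digest()


def mac_96(key: bytes, message: bytes, hash_name: str = "sha1") -> bytes:
    """Keep only the leftmost 96 bits (12 bytes), as HMAC-MD5-96 and HMAC-SHA-1-96 do."""
    return hmac_manual(key, message, hash_name)[:12]


def verify_96(key: bytes, message: bytes, tag: bytes, hash_name: str = "sha1") -> bool:
    """Receiver side: recompute the MAC and compare in constant time."""
    return hmac.compare_digest(mac_96(key, message, hash_name), tag)


if __name__ == "__main__":
    key = b"constructed-shared-secret"       # constructed sample values
    msg = b"PAY 100.00 TO ACCOUNT 12345"
    tag = mac_96(key, msg)
    print("tag:", tag.hex())
    print("untouched message verifies:", verify_96(key, msg, tag))
    print("altered message verifies:", verify_96(key, msg.replace(b"100", b"900"), tag))
```

In practice the standard library's hmac.new() does the same job; the hand-written version is here only to make the two passes visible.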
The following RFCs provide important additional information about the hash functions
used in the Internet environment. These RFCs are located on the CD-ROM.
• RFC 1321 (MD5 Message-Digest Algorithm, April 1992)
• RFC 1828 (IP Authentication using Keyed MD5, August 1995)
• RFC 1864 (The Content-MD5 Header Field, October 1995)
• RFC 1994 (PPP Challenge Handshake Authentication Protocol (CHAP), August
• RFC 2069 (An Extension to HTTP: Digest Access Authentication, January 1997)
• RFC 2085 (HMAC-MD5 IP Authentication with Replay Prevention, February
• RFC 2104 (HMAC: Keyed-Hashing for Message Authentication, February 1997)
• RFC 2316 (Report of the IAB, April 1998)
• RFC 2401 (Security Architecture for the Internet Protocol, November 1998)
• RFC 2403 (The Use of HMAC-MD5-96 within ESP and AH, November 1998)
• RFC 2404 (The Use of HMAC-SHA-1-96 within ESP and AH, November 1998)
• RFC 2537 (RSA/MD5 KEYs and SIGs in the Domain Name System (DNS), March
• RFC 2831 (Using Digest Authentication as a SASL Mechanism, May 2000)
• RFC 2857 (The Use of HMAC-RIPEMD-160-96 within ESP and AH, June 2000)
Authentication using Private-key Ciphers
• if a message is being encrypted using a session key known only to the sender and receiver, then the
message may also be authenticated
o since only sender or receiver could have created it
o any interference will corrupt the message (provided it includes sufficient redundancy to
o but this does not provide non-repudiation since it is impossible to prove who created the
• message authentication may also be done using the standard modes of use of a block cipher
o sometimes do not want to send encrypted messages
o can use either CBC or CFB modes and send final block, since this will depend on all
previous bits of the message
o no hash function is required, since this method accepts arbitrary length input and produces a
o usually use a fixed known IV
o this is the approach used in Australian EFT standards AS8205
o major disadvantage is small size of resulting MAC since 64-bits is probably too small
• hashing functions are used to condense an arbitrary length message to a fixed size, usually for
subsequent signature by a digital signature algorithm
• good cryptographic hash function h should have the following properties:
o h should destroy all homomorphic structures in the underlying public key cryptosystem (be
unable to compute hash value of 2 messages combined given their individual hash values)
o h should be computed on the entire message
o h should be a one-way function so that messages are not disclosed by their signatures
o it should be computationally infeasible given a message and its hash value to compute
another message with the same hash value
o should resist birthday attacks (finding any 2 messages with the same hash value, perhaps by
iterating through minor permutations of 2 messages)
• it is usually assumed that the hash function is public and not keyed
• traditional CRCs do not satisfy the above requirements
• length should be large enough to resist birthday attacks (64-bits is now regarded as too small,
• Snefru is a one-way hash function designed by Ralph Merkle
• creates 128 or 256 bit long hash values (let m be length)
• uses an algorithm H which hashes 512-bits to m-bits, taking the first m output bits of H as the hash
o H is based on a reversible block cipher E operating on 512-bit blocks
o H is the last m-bits of the output of E XOR'd with the first m-bits of the input of E
o E is composed of several passes, each pass has 64 rounds of an S-box lookup and XOR
o E can use 2 to 8 passes
• overview of algorithm
o break message into 512-m bit chunks
o each chunk has the previous hash value appended (assuming an IV of 0)
o H is computed on this value, giving a new hash value
o after the last block (0 padded to size as needed) the hash value is appended to a message
length value and H computed on this, the resulting value being the MAC
• Snefru has been broken by a birthday attack by Biham and Shamir for 128-bit hashes, and possibly
for 256-bit when 2 to 4 passes are used in E
• Merkle recommends 8 passes, but this is slow