Martin Kobetic, profile picture
Uploaded byMartin Kobetic
PPT, PDF1,063 views

Cryptography for Smalltalkers 2 - ESUG 2006

The document discusses various topics in public key cryptography including public key algorithms like RSA and Diffie-Hellman key exchange. It also covers hashing algorithms like MD5 and SHA, digital signatures using RSA and DSA, and applications like encryption, key establishment, and signing. Code examples are provided in Smalltalk to demonstrate encrypting, decrypting, signing and verifying messages using these cryptographic techniques.

Embed presentation

Downloaded 17 times
Cryptography or Smalltalkers 2 Public Key Cryptography Martin Kobetic Cincom Smalltalk Development ESUG 2006
Contents Public Key Algorithms Encryption (RSA) Key Establishment (RSA, DH) Signing Hashes (SHA, MD5) MACs (HMAC, CBC-MAC) Digital Signatures (RSA, DSA)
Public Key Algorithms public and private key hard to compute private from the public sparse key space => much longer keys based on “hard” problems factoring, discrete logarithm much slower RSA, DSA, DH, ElGamal elliptic curves: ECDSA, ECDH, …
Encryption provides: confidentiality symmetric (secret) key ciphers same (secret) key => encrypt and decrypt DES, AES, RC4 asymmetric (public) key ciphers public key => encrypt private key => decrypt RSA,ElGammal
RSA (1977) RSA Security, PKCS #1 modulus n = product of 2 large primes p, q public: e = relatively prime to (p-1)(q-1) private: d = e -1 mod ((p-1)(q-1)) C = P e mod n [ P < n ] P = C d mod n small e => faster encryption
RSA keys := RSAKeyGenerator keySize: 512. alice := RSA new publicKey: keys publicKey. ctxt := alice encrypt: 'Hello World' asByteArray. ctxt asHexString bob := RSA new privateKey: keys privateKey. (bob decrypt: ctxt) asString
RSA keys := RSAKeyGenerator keySize: 512. alice := RSA new publicKey: keys publicKey. msg := 'Hello World' asByteArrayEncoding: #utf8. msg := alice encrypt: msg. bob := RSA new privateKey: keys privateKey. msg := bob decrypt: msg. msg asStringEncoding: #utf8
Key Establishment public key too slow for bulk encryption public key => secure symmetric key symmetric key => bulk encryption key exchange (RSA) generate one-time symmetric key public key => encrypt the symmetric key key agreement (DH) parties cooperate to generate a shared secret
RSA – Key Exchange key := DSSRandom default byteStream next: 40. msg := 'Hello World!' asByteArray. msg := (ARC4 key: key) encrypt: msg. alice := RSA new publicKey: keys publicKey. key := alice encrypt: key. bob := RSA new privateKey: keys privateKey. key := bob decrypt: key ((ARC4 key: key) decrypt: msg) asString.
Diffie-Hellman (1976) shared secret over unprotected channel http://www.ietf.org/rfc/rfc2631. txt modulus p: large prime (>=512b) order q: large prime (>=160b) generator g: order q mod p private x: random 1 < x < q - 1 public y: g^x mod p public y’: other party’s y = g^x’ (mod p) shared secret: y’^x = y^x’ (mod p)
Diffie-Hellman (interactive) gen := DHParameterGenerator m: 160 l: 512. alice := DH p: gen p q: gen q g: gen g. ya := alice publicValue. bob := DH p: alice p q: alice q g: alice g. yb := bob publicValue. ss := bob sharedSecretUsing: ya ss = (alice sharedSecretUsing: yb)
Diffie-Hellman (offline) bob := DH newFrom: gen. yb := bob publicValue. alice := DH newFrom: gen. ya := alice publicValue. ss := (alice sharedSecretUsing: yb) asByteArray. msg := 'Hello World!' asByteArray. msg := (ARC4 key: ss) encrypt: msg. ss := (bob sharedSecretUsing: ya) asByteArray. ((ARC4 key: ss) decrypt: msg) asString.
Signing Provides: integrity (tamper evidence) authentication non-repudiation Hashes (SHA, MD5) Digital Signatures (RSA, DSA)
Hash Functions provides: data “fingerprinting” unlimited input size => fixed output size must be: one-way : h(m) => m collision resistant : m1,m2 => h(m1) = h(m2) MD2, MD4, MD5, SHA, RIPE-MD
Hash Functions compression function: M = M 1 , M 2 , … h i = f(M i , h i-1 ) MD-strengthening: include message length (in the padding) doesn’t completely prevent “length extension”
MD5 (1992) http://www.ietf.org/rfc/rfc1321. txt (Ron Rivest) digest: 128-bits (16B) block: 512-bits (64B) padding: M | 10...0 | length (64bits) broken in 2004, avoid MD5!
MD5 (MD5 hash: 'Hello' asByteArray) asHexString (MD5 hash: #[1 2 3 4 5] from: 2 to: 4) asHexString input := #[1 2 3 4 5 6 7 8 9] readStream. (MD5 hashNext: 3 from: input) asHexString (MD5 hashFrom: input) asHexString
SHA (1993) SHS - NIST FIPS PUB 180 digest: 160 bits (20B) block: 512 bits (64B) padding: M | 10...0 | length (64bits) FIPS 180-1: SHA-1 (1995) FIPS 180-2: SHA-256, 384, 512 (2002) SHA-1 broken in 2005!
SHA input := 'Hello World!' asByteArray readStream. sha := SHA new. sha updateWithNext: 5 from: input. sha digest asHexString. sha updateFrom: input. sha digest asHexString. input reset. (SHA256 hashFrom: input) asHexString.
Digital Signatures authentic, non-reusable, unalterable signing uses the private key message, key => signature verification uses the public key message, key, signature => true/false
RSA signing: hash the plaintext encode digest encrypt digest with private key verifying: decrypt digest with public key decode digest hash the plaintext compare the digests
RSA alice := RSA new privateKey: keys privateKey. msg := 'Hello World' asByteArray. sig := alice sign: msg. sig asHexString bob := RSA new publicKey: keys publicKey. bob verify: sig of: msg
DSA (1994) NIST FIPS PUB 186 p prime (modulus): (512 + k*64 <= 1024) q prime factor of p – 1 (160 bits) g > 1; g^q mod p = 1 (g has order q mod p) x < q (private key) y = g^x mod p (public key) FIPS 186-1 (1998): RSA(X9.31) FIPS 186-2 (2001): ECDSA(X9.62) FIPS 186-3 (?2006): bigger keys up to 15K bits
DSA keys := DSAKeyGenerator keySize: 512. alice := DSA new privateKey: keys privateKey. sig := alice sign: 'Hello World' asByteArray bob := DSA new publicKey: keys publicKey. bob verify: sig of: 'Hello World' asByteArray
Books [1] Anderson: Security Engineering [2] Ferguson, Schneier: Practical Cryptography [3] Kahn: The Codebreakers [4] Menezes, van Oorschot, Vanstone: Handbook of Applied Cryptography [5] Schneier: Applied Cryptography

More Related Content

PPTX
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
bySvetlin Nakov
 
PPTX
Cool Crypto Concepts CodeOne SFO
byRoy Wasse
 
PPTX
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
bySvetlin Nakov
 
PDF
Cryptography For The Average Developer - Sunshine PHP
byAnthony Ferrara
 
PDF
Strong cryptography in PHP
byEnrico Zimuel
 
PDF
How does cryptography work? by Jeroen Ooms
byAjay Ohri
 
PPTX
Cryptography for Absolute Beginners (May 2019)
bySvetlin Nakov
 
PPTX
Intro to Cryptography on the Web
byMichael Wynholds
 
Blockchain Cryptography for Developers (Nakov @ BGWebSummit 2018)
bySvetlin Nakov
 
Cool Crypto Concepts CodeOne SFO
byRoy Wasse
 
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
bySvetlin Nakov
 
Cryptography For The Average Developer - Sunshine PHP
byAnthony Ferrara
 
Strong cryptography in PHP
byEnrico Zimuel
 
How does cryptography work? by Jeroen Ooms
byAjay Ohri
 
Cryptography for Absolute Beginners (May 2019)
bySvetlin Nakov
 
Intro to Cryptography on the Web
byMichael Wynholds
 

What's hot

PPTX
Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)
bySvetlin Nakov
 
PDF
Cryptography in PHP: use cases
byEnrico Zimuel
 
PPTX
Cybersecurity cyberlab3
byrayborg
 
PDF
solutions.hamburg | web3 // smart contracts // ethereum
byMaximilian Reichel
 
PPTX
Message authentication with md5
by志璿 楊
 
PDF
Cryptography For The Average Developer
byAnthony Ferrara
 
PDF
AREA41 - Anatomy of attacks aimed at financial sector by the Lazarus group
bySeongsuPark8
 
ODP
Password Security
byAlex Hyer
 
PPTX
Message Authentication using Message Digests and the MD5 Algorithm
byAjay Karri
 
PDF
Password Storage And Attacking In PHP - PHP Argentina
byAnthony Ferrara
 
PPTX
How-to crack 43kk passwords while drinking your juice/smoozie in the Hood
byYurii Bilyk
 
PPT
Hash crypto
byHarry Potter
 
PDF
MongoDB .local Chicago 2019: Using Client Side Encryption in MongoDB 4.2
byMongoDB
 
PDF
MongoDB World 2019: Using Client Side Encryption in MongoDB 4.2 Link
byMongoDB
 
PDF
Password Security
byCSCJournals
 
PPTX
Crypto Wallets: A Technical Perspective (Nakov at OpenFest 2018)
bySvetlin Nakov
 
PDF
MongoDB .local Munich 2019: New Encryption Capabilities in MongoDB 4.2: A Dee...
byMongoDB
 
PPTX
Webinar: General Technical Overview of MongoDB for Dev Teams
byMongoDB
 
PPT
Pki by Steve Lamb
byInformation Security Awareness Group
 
ODP
Applying Security Algorithms Using openSSL crypto library
byPriyank Kapadia
 
Blockchain Cryptography for Developers (Nakov @ BlockWorld 2018, San Jose)
bySvetlin Nakov
 
Cryptography in PHP: use cases
byEnrico Zimuel
 
Cybersecurity cyberlab3
byrayborg
 
solutions.hamburg | web3 // smart contracts // ethereum
byMaximilian Reichel
 
Message authentication with md5
by志璿 楊
 
Cryptography For The Average Developer
byAnthony Ferrara
 
AREA41 - Anatomy of attacks aimed at financial sector by the Lazarus group
bySeongsuPark8
 
Password Security
byAlex Hyer
 
Message Authentication using Message Digests and the MD5 Algorithm
byAjay Karri
 
Password Storage And Attacking In PHP - PHP Argentina
byAnthony Ferrara
 
How-to crack 43kk passwords while drinking your juice/smoozie in the Hood
byYurii Bilyk
 
Hash crypto
byHarry Potter
 
MongoDB .local Chicago 2019: Using Client Side Encryption in MongoDB 4.2
byMongoDB
 
MongoDB World 2019: Using Client Side Encryption in MongoDB 4.2 Link
byMongoDB
 
Password Security
byCSCJournals
 
Crypto Wallets: A Technical Perspective (Nakov at OpenFest 2018)
bySvetlin Nakov
 
MongoDB .local Munich 2019: New Encryption Capabilities in MongoDB 4.2: A Dee...
byMongoDB
 
Webinar: General Technical Overview of MongoDB for Dev Teams
byMongoDB
 
Pki by Steve Lamb
byInformation Security Awareness Group
 
Applying Security Algorithms Using openSSL crypto library
byPriyank Kapadia
 

Viewers also liked

DOC
Pts
byMaya Arymurti
 
PPTX
Maycafotos2 eviita
byangelinayoli
 
PPT
WordCamp Utah 2010 Presentation
byJ.R. Farr
 
PPTX
Maycafotos2 eviita
byangelinayoli
 
PDF
Secure Communications with VisualWorks - CSTUC 2006
byMartin Kobetic
 
PPTX
Jane Austen Can Get You A Job
byGeordie McClelland
 
PDF
Xtreams - ESUG 2010
byMartin Kobetic
 
Pts
byMaya Arymurti
 
Maycafotos2 eviita
byangelinayoli
 
WordCamp Utah 2010 Presentation
byJ.R. Farr
 
Maycafotos2 eviita
byangelinayoli
 
Secure Communications with VisualWorks - CSTUC 2006
byMartin Kobetic
 
Jane Austen Can Get You A Job
byGeordie McClelland
 
Xtreams - ESUG 2010
byMartin Kobetic
 

Similar to Cryptography for Smalltalkers 2 - ESUG 2006

PPT
Cryptography and SSL in Smalltalk - StS 2003
byMartin Kobetic
 
PDF
Cryptography for Smalltalkers 2
byESUG
 
PPT
Ch12
byJoe Christensen
 
PPT
HifnCrypto101
byJim Faith
 
PPT
RSA
bybansidhar11
 
PPT
Cryptography for Smalltalkers - ESUG 2004
byMartin Kobetic
 
PPT
Secure Communication (Distributed computing)
bySri Prasanna
 
PPTX
Cryptography and network security
byNagendra Um
 
PPT
An Introduction to Hashing: A basic understanding
byprabhatv1
 
PDF
WEEK-2 (1).pdfdccccccccccccccccccccccccccccccccccc
bydeepak123mastermind
 
PPTX
chapter three 3-part II-1lecture slide.pptx
bymeharikiros2
 
PPT
Introduction to cryptography
bySuresh Thammishetty
 
PPTX
IS413 Topic 5.pptx
byWarrenPhiri4
 
PPT
Network Security: Standards and Cryptography
byJack Davis
 
PPT
Rsa
byismaelhaider
 
PPT
ENGG_CSE_III_YEAR_Message_Digest_MD_5.ppt
bySakethBhargavaRallap
 
DOCX
Final Project SkeletonCipherClient.javaFinal Project SkeletonC.docx
byvoversbyobersby
 
PPT
Ch10
byJoe Christensen
 
PDF
Native or External?
byESUG
 
PPTX
Security
bySaqib Shehzad
 
Cryptography and SSL in Smalltalk - StS 2003
byMartin Kobetic
 
Cryptography for Smalltalkers 2
byESUG
 
Ch12
byJoe Christensen
 
HifnCrypto101
byJim Faith
 
RSA
bybansidhar11
 
Cryptography for Smalltalkers - ESUG 2004
byMartin Kobetic
 
Secure Communication (Distributed computing)
bySri Prasanna
 
Cryptography and network security
byNagendra Um
 
An Introduction to Hashing: A basic understanding
byprabhatv1
 
WEEK-2 (1).pdfdccccccccccccccccccccccccccccccccccc
bydeepak123mastermind
 
chapter three 3-part II-1lecture slide.pptx
bymeharikiros2
 
Introduction to cryptography
bySuresh Thammishetty
 
IS413 Topic 5.pptx
byWarrenPhiri4
 
Network Security: Standards and Cryptography
byJack Davis
 
Rsa
byismaelhaider
 
ENGG_CSE_III_YEAR_Message_Digest_MD_5.ppt
bySakethBhargavaRallap
 
Final Project SkeletonCipherClient.javaFinal Project SkeletonC.docx
byvoversbyobersby
 
Ch10
byJoe Christensen
 
Native or External?
byESUG
 
Security
bySaqib Shehzad
 

Cryptography for Smalltalkers 2 - ESUG 2006

  • 1.
    Cryptography or Smalltalkers2 Public Key Cryptography Martin Kobetic Cincom Smalltalk Development ESUG 2006
  • 2.
    Contents Public KeyAlgorithms Encryption (RSA) Key Establishment (RSA, DH) Signing Hashes (SHA, MD5) MACs (HMAC, CBC-MAC) Digital Signatures (RSA, DSA)
  • 3.
    Public Key Algorithmspublic and private key hard to compute private from the public sparse key space => much longer keys based on “hard” problems factoring, discrete logarithm much slower RSA, DSA, DH, ElGamal elliptic curves: ECDSA, ECDH, …
  • 4.
    Encryption provides: confidentialitysymmetric (secret) key ciphers same (secret) key => encrypt and decrypt DES, AES, RC4 asymmetric (public) key ciphers public key => encrypt private key => decrypt RSA,ElGammal
  • 5.
    RSA (1977) RSASecurity, PKCS #1 modulus n = product of 2 large primes p, q public: e = relatively prime to (p-1)(q-1) private: d = e -1 mod ((p-1)(q-1)) C = P e mod n [ P < n ] P = C d mod n small e => faster encryption
  • 6.
    RSA keys :=RSAKeyGenerator keySize: 512. alice := RSA new publicKey: keys publicKey. ctxt := alice encrypt: 'Hello World' asByteArray. ctxt asHexString bob := RSA new privateKey: keys privateKey. (bob decrypt: ctxt) asString
  • 7.
    RSA keys :=RSAKeyGenerator keySize: 512. alice := RSA new publicKey: keys publicKey. msg := 'Hello World' asByteArrayEncoding: #utf8. msg := alice encrypt: msg. bob := RSA new privateKey: keys privateKey. msg := bob decrypt: msg. msg asStringEncoding: #utf8
  • 8.
    Key Establishment publickey too slow for bulk encryption public key => secure symmetric key symmetric key => bulk encryption key exchange (RSA) generate one-time symmetric key public key => encrypt the symmetric key key agreement (DH) parties cooperate to generate a shared secret
  • 9.
    RSA – KeyExchange key := DSSRandom default byteStream next: 40. msg := 'Hello World!' asByteArray. msg := (ARC4 key: key) encrypt: msg. alice := RSA new publicKey: keys publicKey. key := alice encrypt: key. bob := RSA new privateKey: keys privateKey. key := bob decrypt: key ((ARC4 key: key) decrypt: msg) asString.
  • 10.
    Diffie-Hellman (1976) sharedsecret over unprotected channel http://www.ietf.org/rfc/rfc2631. txt modulus p: large prime (>=512b) order q: large prime (>=160b) generator g: order q mod p private x: random 1 < x < q - 1 public y: g^x mod p public y’: other party’s y = g^x’ (mod p) shared secret: y’^x = y^x’ (mod p)
  • 11.
    Diffie-Hellman (interactive) gen:= DHParameterGenerator m: 160 l: 512. alice := DH p: gen p q: gen q g: gen g. ya := alice publicValue. bob := DH p: alice p q: alice q g: alice g. yb := bob publicValue. ss := bob sharedSecretUsing: ya ss = (alice sharedSecretUsing: yb)
  • 12.
    Diffie-Hellman (offline) bob:= DH newFrom: gen. yb := bob publicValue. alice := DH newFrom: gen. ya := alice publicValue. ss := (alice sharedSecretUsing: yb) asByteArray. msg := 'Hello World!' asByteArray. msg := (ARC4 key: ss) encrypt: msg. ss := (bob sharedSecretUsing: ya) asByteArray. ((ARC4 key: ss) decrypt: msg) asString.
  • 13.
    Signing Provides: integrity(tamper evidence) authentication non-repudiation Hashes (SHA, MD5) Digital Signatures (RSA, DSA)
  • 14.
    Hash Functions provides:data “fingerprinting” unlimited input size => fixed output size must be: one-way : h(m) => m collision resistant : m1,m2 => h(m1) = h(m2) MD2, MD4, MD5, SHA, RIPE-MD
  • 15.
    Hash Functions compressionfunction: M = M 1 , M 2 , … h i = f(M i , h i-1 ) MD-strengthening: include message length (in the padding) doesn’t completely prevent “length extension”
  • 16.
    MD5 (1992) http://www.ietf.org/rfc/rfc1321.txt (Ron Rivest) digest: 128-bits (16B) block: 512-bits (64B) padding: M | 10...0 | length (64bits) broken in 2004, avoid MD5!
  • 17.
    MD5 (MD5 hash:'Hello' asByteArray) asHexString (MD5 hash: #[1 2 3 4 5] from: 2 to: 4) asHexString input := #[1 2 3 4 5 6 7 8 9] readStream. (MD5 hashNext: 3 from: input) asHexString (MD5 hashFrom: input) asHexString
  • 18.
    SHA (1993) SHS- NIST FIPS PUB 180 digest: 160 bits (20B) block: 512 bits (64B) padding: M | 10...0 | length (64bits) FIPS 180-1: SHA-1 (1995) FIPS 180-2: SHA-256, 384, 512 (2002) SHA-1 broken in 2005!
  • 19.
    SHA input :='Hello World!' asByteArray readStream. sha := SHA new. sha updateWithNext: 5 from: input. sha digest asHexString. sha updateFrom: input. sha digest asHexString. input reset. (SHA256 hashFrom: input) asHexString.
  • 20.
    Digital Signatures authentic,non-reusable, unalterable signing uses the private key message, key => signature verification uses the public key message, key, signature => true/false
  • 21.
    RSA signing: hashthe plaintext encode digest encrypt digest with private key verifying: decrypt digest with public key decode digest hash the plaintext compare the digests
  • 22.
    RSA alice :=RSA new privateKey: keys privateKey. msg := 'Hello World' asByteArray. sig := alice sign: msg. sig asHexString bob := RSA new publicKey: keys publicKey. bob verify: sig of: msg
  • 23.
    DSA (1994) NISTFIPS PUB 186 p prime (modulus): (512 + k*64 <= 1024) q prime factor of p – 1 (160 bits) g > 1; g^q mod p = 1 (g has order q mod p) x < q (private key) y = g^x mod p (public key) FIPS 186-1 (1998): RSA(X9.31) FIPS 186-2 (2001): ECDSA(X9.62) FIPS 186-3 (?2006): bigger keys up to 15K bits
  • 24.
    DSA keys :=DSAKeyGenerator keySize: 512. alice := DSA new privateKey: keys privateKey. sig := alice sign: 'Hello World' asByteArray bob := DSA new publicKey: keys publicKey. bob verify: sig of: 'Hello World' asByteArray
  • 25.
    Books [1] Anderson:Security Engineering [2] Ferguson, Schneier: Practical Cryptography [3] Kahn: The Codebreakers [4] Menezes, van Oorschot, Vanstone: Handbook of Applied Cryptography [5] Schneier: Applied Cryptography

Editor's Notes

  • #4 much slower than secret key encryption: expensive operations (x^y mod z), long keys (1-8K bits) =&gt; used for key encryption/exchange, signing elliptic curve crypto (ECC) same ciphers, different number field allows much shorter keys for comparable security =&gt; faster heavily patented (www.certicom.com) some royalty free licenses for specific purposes (NIST/IETF)
  • #5 Usage: sender uses the *public* key of the recipient to encrypt the message receiver uses her *private* key to decrypt the message encryption does not provide integrity protection!
  • #6 Rivest, Shamir, Adelman can be used for both encryption and digital signatures use small e to optimize encryption/verification Pitfalls: don’t use the same key to encrypt and sign; decrypting c is the same operation as signing c ! not good with small messages; if modular reduction doesn’t occur (good chance with small e), the plaintext can be recovered by simple (non-modular) e-th root computation; =&gt; PKCS#1 applies padding in fact any kind of structure in the message seems to facilitate attacks; messages should be protected against that using suitable “encoding”; including padding =&gt; use PKCS#1 v2.1 – OAEP padding
  • #8 public key structure: n, e ciphertext size is 512 bits! (depends on the key size) private key structure: n, d p, q: CRT =&gt; 3-4 times speed up of decryption.
  • #10 you have to transfer both the encrypted key and the encrypted message
  • #11 allows to establish a shared, secret value over an unprotected communication channel used to establish a secret session key for further communication (DH handshake) doesn’t provide authentication of the parties =&gt; doesn’t protect against the man-in-the-middle attack small subgroup attack –small order g the shared secret is in that subgroup, if the group is small enough, it can be searched for the secret =&gt; solution: safe primes p = 2q + 1; q prime
  • #12 m – bit size of q =&gt; bit size of x (at least twice the size of symmetric key) l – bit size of p =&gt; bit size of y - Ephemeral-ephemeral DH - perfect forward secrecy (PFS)
  • #13 Ephemeral-static DH Unlike RSA with DH Bob needs ya to decrypt!
  • #15 a.k.a “message digest” one-way : hard to find the input for given output collision resistant : hard to find two distinct inputs with the same output used a lot in MACs and digital signatures used for file “fingerprints”: md5sum, sha1sum
  • #16 MD-strengthening: with inclusion of the length no encoded input is a prefix of another encoded input MD-stregthening helps a lot but doesn’t completely prevent “length extension” if M2 = M1’ || X =&gt; h(M2) = h ( h (M1) || X)) M1’ means, the original M1 message padded as prescribed by the hash function possible fixes: h(h(M), M) – expensive, or h(h(M)) - weaker; MACs usually address the weakness as well
  • #17 derived from MD4 (fixing known MD4 weaknesses) broken in 2004 by Wang, Yin; furher improved by others currently collision in a few hours on common desktop PC
  • #18 higher level API, processes entire input at once both stream and byte array based parameter support
  • #19 also derived from MD4 SHA-0 broken (Wang, Yin, Yu 2004): collisions in 2**69 instead of 2**80 SHA-1 broken (Wang, Yin, Yu 2005): collisions in 2**69 instead of 2**80
  • #20 lower-level API, processes input in arbitrary chunks can get digest value in progress, I.e can continue with updates after a #digest call can clone a digest in progress (#copy) can be queried for #blockSize and #digestSize and current #messageLength can reuse algorithm instances after #reset
  • #21 - bound to the key and to the data being signed (it won’t validate with any other data)
  • #22 digest encoding is to expand the digest to match the bit-size of n destroy any structure that the encoded bytes might have seed a random generator with the digest and use as many bytes as possible
  • #24 based on “discrete logarithm” problem used for signatures only signing: Generate a random per message value k where 0 &lt; k &lt; q (this is known as a nonce ) Calculate r = ( g k mod p ) mod q Calculate s = ( k -1 (SHA-1( m ) + x * r )) mod q Recalculate the signature in the unlikely case that r =0 or s =0 The signature is ( r , s ) verification: Reject the signature if either 0&lt; r &lt;q or 0&lt; s &lt;q is not satisfied. Calculate w = ( s ) -1 mod q Calculate u 1 = (SHA-1( m )* w ) mod q Calculate u 2 = ( r * w ) mod q Calculate v = (( g u 1 * y u 2 ) mod p ) mod q The signature is valid if v = r Note: FIPS-186-2, change notice 1 specifies that L should only assume the value 1024 forthcoming FIPS 186-3 (described, e.g., in SP 800-57) uses SHA-224, SHA-256, SHA-384, and SHA-512 as a hash function, q of size 224, 256, 384, and 512 bits, with L equal to 2048, 3072, 7680, and 15360, respectively.