SlideShare a Scribd company logo
1 of 56
1
Hash Algorithm
Hash AlgorithmHash Algorithm
 A hash algorithm is a one way function that converts a data
string into a numeric string output of fixed length. The output
string is generally much smaller than the original data.
Therefore it is also called message digest or message
compression algorithm.
 Hash algorithms are designed to be collision-resistant, meaning
that there is a very low probability that the same string would
be created for different data.
 Two of the most common hash algorithms are the MD5
(Message-Digest algorithm 5) and the SHA-1 (Secure Hash
Algorithm). MD5 Message Digest checksums are commonly
used to validate data integrity when digital files are transferred
or stored.
One-way Hash FunctionOne-way Hash Function
 The notion of a one-way function is central to public-key
cryptography.
 A one-way hash function is a mathematical function which
takes a variable-length input string (called pre-image) and
converts it into a fixed-length binary sequence (called hash
value).
 It is also known as a message digest, fingerprint or
compression function,
 Furthermore, a one-way hash function is designed in such
a way that it is hard to reverse the process, that is, it is
easy to compute a hash value from pre-image but it is hard
to generate a pre-image that hashes to a particular value.
Documents
e.g. 10-MB
Hash Value
e.g.160-Bit
Hash Function
Compress
Function
A one way hash function H(M) operates on an arbitrary
length pre-image message M, and return a fixed length hash
value h.
h=H(M) ,where h is the length of m
One-way Hash FunctionOne-way Hash Function
 Many functions can take an arbitrary-length input and return
an output of fixed length, but one-way hash functions have
additional characteristics that make them one-way:
1. It is relatively easy to compute, but significantly harder to
reverse. That is, given M it is easy to compute H(M), but given
H(M) it is hard to compute x.
2. Moreover it is also very hard to find another message M’ such
that H(M’)=H(M). In other words it is collision resistant.
 In this context, "hard" is defined as something like: It would
take millions of years to compute M from H(M), even if all the
computers in the world were assigned to the problem.
One-way Hash FunctionOne-way Hash Function
 When applying digital signature to a document, we no longer
need to encrypt the entire document with a sender's private key,
it can be extremely slow. It is sufficient to encrypt the document's
hash value instead. Therefor hash algorithm is used to digest the
message before applying DSA.
 Although a one-way hash function is used mostly for generating
digital signatures, it can have other practical applications as well,
such as message integrity, password verification, generation of
pseudorandom bits, file identification and message
authentication code (MAC.)
 The Microsoft cryptographic providers support these hash
algorithms: MD4, MD5, SHA-1 and SHA256.
One-way Hash FunctionOne-way Hash Function
 Hash functions of 64 bits are just too small to survive a birthday
attack. Most practical one-way hash functions produce 128-bit
hashes.
 This forces anyone attempting the birthday attack to hash 264
random documents to find two that had the same hash value,
not enough for lasting security.
 NIST, in its Secure Hash Standard (SHS), uses a 160-bit hash
value. This makes the birthday attack even harder, requiring
280 random hashes.
Length of One-way HashLength of One-way Hash
FunctionFunction
 A slight change in an input string should cause the hash value of
the function to change drastically. Even if 1 bit is flipped in the
input string, at least half of the bits in the hash value will flip as
a result. This is called an avalanche effect.
 Since it is computationally infeasible to produce a document
that would hash to a given value or find two documents with
the same hash value.
 As there is almost no chance to have the same hash value of two
different messages, so it is called collision free or collision
resistant.
 A document's hash can serve as a cryptographic equivalent of
the document. This makes a one-way hash function a central
notion in public-key cryptography.
Collision ResistanceCollision Resistance
Hash CollisionHash Collision
 When different input message results in the same
hash value, then it is called hash collision.
Application: HashingApplication: Hashing
PasswordPassword
 Hashing passwords: It's a bad idea for computer systems to
store passwords in cleartext (in their original form), because if
the bad guy can somehow get to where they're stored, he gets all
the passwords.
 Knowing how many people foolishly use one password at
multiple sites, getting a stash from one system may give access
to others.
 A more secure way is to store a hash of the password, rather
than the password itself. Since these hashes are not reversible,
there is no way to find out for sure "what password produced
this hash?" - and the so consequence of a compromise is much
lower.
Application: HashingApplication: Hashing
PasswordPassword
How
password
is
stored
using hash
“Hello”
Hash Algorithm
9a46ba811185c194762
Hash of the
Password Stored
Original
Password
Hashed
Password
Applications of HashApplications of Hash
“World”
Hash Algorithm
Hash of the
Password Stored
Wrong
Password
9a46ba811185c194762er4a46b7w0534894789
Do Hashes
Matched?
Access GrantedAccess Denied
Hash Value
Mismatched
[Yes][No]
How
password
is
verified
using hash
Application: Verifying theApplication: Verifying the
IntegrityIntegrity
 Verifying file integrity The most obvious use is "verifying file
integrity".
 If you have just downloaded a large piece of software from a
website, how do you know that you've received it correctly and
that it has not been tampered with?
 One way is to download the file again and compare the bits: if
the bits are the same, you're probably ok, but if they're different,
which ones are the right bits?
 Finding out means yet another download with compare, and
this gets very tedious very quickly. Instead, if the website
publishes the hash values of its download bundles, you can
check it yourself.
Application: With DigitalApplication: With Digital
SignatureSignature
 Hashing is to digest the original message while signing the
document digitally.
I agree to pay
$50 for the
software
Hash
Algorithm
er4a46b7w05348
94789 Encrypt
43985dlfslfnsv90
64klj79dsflk6
Private Key
Hash of Document
Digital Signature
Document to be
Signed
Trapdoor One-way FunctionTrapdoor One-way Function
 A trapdoor one-way function is a special type of one-way
function, one with a secret trapdoor. It is easy to compute in one
direction and hard to compute in the other direction. But, if you
know the secret, you can easily compute the function in the other
direction.
 That is, it is easy to compute f(x) given x, and hard to compute x
given f(x). However, there is some secret information, y, such
that given f(x) and y it is easy to compute x.
 A watch is a good example of a trap-door one-way function. It is
easy to disassemble a watch into hundreds of pieces. It is very
difficult to put those tiny pieces back together into a working
watch. However, with the assembly instructions it is much easier
What is Birthday AttackWhat is Birthday Attack
 A birthday attack is a name used to refer to a class of brute-
force attacks. It is a type of cryptographic attack that exploits
the mathematics behind the birthday problem in probability
theory. This attack can be used to abuse communication
between two or more parties.
 It gets its name from the surprising result that the probability
that two or more people in a group of 23 people share the
same birthday is greater than 50.7%. Such a result is called a
birthday paradox.
 Birthday attacks are often used to find collisions of hash
functions. However to understand birthday attack we have
study the birthday problem.
Birthday ProblemBirthday Problem
 In probability theory, the birthday problem or birthday
paradoxconcerns the probability that, in a set of randomly
chosen people, some pair of them will have the same birthday.
 By the pigeonhole principle, the probability reaches 100% when
the number of people reaches 367, since there are 366 possible
birthdays, including February 29.
 However, 99.9% probability is reached with just 70 people, and
50% probability with 23 people. These conclusions include the
assumption that each day of the year (except February 29) is
equally probable for a birthday.
 The mathematics behind this problem led to a well-known
cryptographic attack called the birthday attack, which uses this
probabilistic model to reduce the complexity of finding a
collision for a hash function.
Mathematical base of BirthdayMathematical base of Birthday
ProblemProblem
 The problem is to compute the approximate probability that in a
group of n people, at least two have the same birthday.
 The goal is to compute P(A), the probability that at least two people
in the room have the same birthday.
 However, it is simpler to calculate P(A'), the probability that no two
people in the room have the same birthday. Because A and A' are
the only two possibilities and are also mutually exclusive,
P(A) = 1 − P(A').
 When events are independent of each other, the probability of all of
the events occurring is equal to a product of the probabilities of
each of the events occurring. Therefore, if P(A') can be described as
23 independent events, P(A') could be calculated as
P(1) × P(2) × P(3) × ... × P(23).
Mathematical base of BirthdayMathematical base of Birthday
ProblemProblem
 The 23 independent events correspond to the 23 people, and can be
defined in order. Each event can be defined as the corresponding
person not sharing his/her birthday with any of the previously
analyzed people.
 For Event 1, there are no previously analyzed people. Therefore, the
probability, P(1), that Person 1 does not share his/her birthday with
previously analyzed people is 1, or 100%.
 Ignoring leap years for this analysis, the probability of person 1 can
also be written as 365/365, for reasons that will become clear below.
 For Event 2, the only previously analyzed people are Person 1.
Assuming that birthdays are equally likely to happen on each of the
365 days of the year, the probability, P(2), that Person 2 has a
different birthday than Person 1 is 364/365. This is because, if
Person 2 was born on any of the other 364 days of the year, Persons 1
and 2 will not share the same birthday.
Mathematical base of BirthdayMathematical base of Birthday
ProblemProblem
 Similarly, if Person 3 is born on any of the 363 days of the year
other than the birthdays of Persons 1 and 2, Person 3 will not
share their birthday. This makes the probability P(3) = 363/365
 P(A') is equal to the product of these individual probabilities:
 Then
 Finally P(A’) = 0.492703
 Now as P(A)=1-P(A’) then P(A)= 1- 0.492703= 0.507297 or 50.7%
 So the possibility of 2 person in a group of 23 people have same
birthday is 50.7%
Mathematical base of BirthdayMathematical base of Birthday
ProblemProblem
 So the possibility of 2 person in a group of 23 people have same
birthday is P(A)= 1- P(A‘)
 Where P(A’)= is the possibility of not have same birthday, that is
for a group of 23 people
 Then we can write in general, the possibility of 2 person in a
group of n people have same birthday is P(A)= 1- P(A‘)
Snefru: Hash AlgorithmSnefru: Hash Algorithm
• Snefru is a cryptographic hash function invented by Ralph
Merkle in 1990 while working at Xerox PARC. It was named
after the Egyptian Pharaoh Sneferu, continuing the tradition of
the Khufu and Khafre block ciphers.
• The function supports 128-bit and 256-bit output, meaning
Snefru hashes arbitrary-length messages into either 128-bit or
256-bit values.
 The original design of Snefru was shown to be insecure by Eli
Biham and Adi Shamir who were able to use differential
cryptanalysis to find hash collisions
MD4 HashingMD4 Hashing
 Both MD4 and MD5 were invented by Ron Rivest . MD stands
for Message Digest. The algorithms produce 128-bit hash
values.
 It takes a message of arbitrary length as input and produces a
128 bit “fingerprint” or “message digest” or hash value as
output .
 It is computationally infeasible to produce two messages having
the same message digest.
 This algorithm has incluenced the posterior algorithms like
MD5, SHA and RIPEMD.
 MD4 is used to compute NTLM password-derived key digests
on Microsoft Windows NT, XP, Vista and 7
MD4 HashingMD4 Hashing
MD4("The quick brown fox jumps over the lazy dog")
= 1bee69a46ba811185c194762abaeae90
Even a small change in the message will (with overwhelming
probability) result in a completely different hash, e.g.
changing d to c:
MD4("The quick brown fox jumps over the lazy cog")
= b86e130ce7028da59e672d56ad0113df
The hash of the zero-length string is:
MD4("") = 31d6cfe0d16ae931b73c59d7e0c089c0
MD4 AlgorithmMD4 Algorithm
 We begin by supposing that we have a b bit message as input,
and that we wish to find its message digest. Here b is an
arbitrary nonnegative integer; b may be zero, it need not be a
multiple of 8, and it may be arbitrarily large. We imagine the
bits of the message written down as follows: m0 m1m2m3... mb-1
Little VS Big EndianLittle VS Big Endian
 We've defined a word to mean 32 bits. This is the same as 4
bytes. Integers, single-precision floating point numbers, and
MIPS instructions are all 32 bits long. How can we store these
values into memory? After all, each memory address can store a
single byte, not 4 bytes.
 The answer is simple. We split the 32 bit quantity into 4 bytes.
For example, suppose we have a 32 bit quantity, written as
90AB12CD16, which is hexadecimal. Since each hex digit is 4 bits,
we need 8 hex digits to represent the 32 bit value.
 So, the 4 bytes are: 90, AB, 12, CD where each byte requires 2
hex digits.
 It turns out there are two ways to store this in memory.
Little VS Big EndianLittle VS Big Endian
Address Value
1000 CD
1001 12
1002 AB
1003 90
 In little endian, you store the least significant byte in the smallest
address. That is the least significant byte is stored first.
Little EndianLittle Endian
 In big endian, you store the most significant byte in the smallest
address, which is in the reverse order compared to little endian.
Address Value
1000 90
1001 AB
1002 12
1003 CD
Big EndianBig Endian
MD4 : Append bitsMD4 : Append bits
 Step 1. Append padding bits : The message is padded
(extended) so that its length (in bits) is congruent to 448, modulo
512. That is, the message is extended so that it is just 64 bits
shy(Short) of being a multiple of 512 bits long. Padding is
always performed, even if the length of the message is already
congruent to 448, modulo 512 (in which case 512 bits of
padding are added).
 Padding is performed as follows: a single “1” bit is appended
to the message, and then enough zero bits are appended so
that the length in bits of the padded message becomes
congruent to 448, modulo 512. (This padding operation is
invertible, SO that different inputs yield different outputs-this
would not be true if we merely(rarely) padded with 0’s.)
MD4 : Append LengthMD4 : Append Length
 Step 2. Append length: A 64-bit representation of b (the
length of the message before the padding bits were added) is
appended to the result of the previous step. These bits are
appended as two 32-bit words and appended low-order word
first in accordance with the previous conventions. In the unlikely
event that b is greater than 264
, then only the low-order 64 bits of b
are used.
 At this point the resulting message (after padding with bits and
with b) has a length that is an exact multiple of 512 bits.
Equivalently, this message has a length that is an exact multiple
of 16 (32-bit) words. Let M[O.. . N – 1] denote the words of the
resulting message, where N is a multiple of 16.
MD4 : Initialize MD BufferMD4 : Initialize MD Buffer
 Step 3. Initialize MD buffer: A 4-word buffer (A, B, C, D) is
used to compute the message digest. Here each of A, B, C, D is
a 32-bit register. These registers are initialized to the
following values (in hexadecimal, low-order bytes first):
word A: 01 23 45 67
word B: 89 ab cd ef
word C: fe dc ba 98
word D: 76 54 32 10
MD4 : Process MessageMD4 : Process Message
 Step 4. Process message in 16-word blocks : Process message in 16-
word blocks. It contain 3 round with 16 steps or operation each(MD5
has 4 rounds). It take three 32 bit words as input and produce one 32
bit word as output.
 We first define three auxiliary functions that each take as input three
32-bit words and produce as output one 32-bit word.
F(X, Y, Z)=(X Y ) (¬X Z) [Step 0 to 15]∧ ∨ ∧
G(X, Y, Z)=(X Y ) (X Z) (Y Z) [Step 16 to 31]∧ ∨ ∧ ∨ ∧
H(X, Y, Z)=X Y Z [Step 32 to 47]⊕ ⊕
Where is XOR,⊕ is AND, is OR and∧ ∨ ¬ is NOT
 In each bit position F facts as a conditional: if x then y else z. In each bit
position G acts as a majority function: if at least two of x,y, z are one,
then G has a one in that position. The function H is the bit-wise xor or
parity function.
 MD4 utilizes two “magic constants” in rounds two and three.
MD4 : Output MessageMD4 : Output Message
 Step 5 – output : The message digest produced as output is A, B,
C, D. That is, we begin with the low-order byte of A, and end
with the high-order byte of D
MD4 Design GoalMD4 Design Goal
 Rivest outlined his design goals for the algorithm:
1. Security : It is computationally infeasible to find two messages that
hashed to the same value.
2. Direct Security : MD4’s security is not based on any assumption
rather than the computational efficiency of computer
3. Attack : No attack is more efficient than brute force.
4. Speed : MD4 is suitable for high-speed software implementations. It
is based on a simple set of bit manipulations on 32-bit operands.
5. Simplicity and Compactness : MD4 is as simple as possible, without
large data structures or a complicated program.
6. Favor Little-Endian Architectures : Meaning it stores the least-
significant byte of a word in the low-address byte position(to the
right most position).MD4 is optimized for microprocessor
architectures (specifically Intel microprocessors); larger and faster
computers make any necessary translations.
Security of MD4Security of MD4
 The security of MD4 has been severely compromised. The first
full collision attack against MD4 was published in 1995 and
several newer attacks have been published since then. As of
2007, an attack can generate collisions in less than 2 MD4 hash
operations. A theoretical preimage attack also exists.
 For evaluating the strength of a hash function 2 concepts are in
use.
1. Resistant to preimage attack: Given a hash value obtain a
message that has the same hash value.
2. Resistant to collision attack: Obtain two message that has the
same hash.
MD4 VS MD5MD4 VS MD5
 Actually both MD4 & MD5 are not encryption algorithm, they are a
hash function that produce a 128-bit hash value. These are used
with encryption algorithms, sometimes.
 The following are the differences between MD4 and MD5:
1. A fourth round has been added.
2. Each step now has a unique additive constant.
3. The function G in round 2 was changed from (XY v XZ v YZ) to (XZ v
Y not(Z)) to make G less symmetric.
4. Each step now adds in the result of the previous step. This promotes
a faster "avalanche effect".
5. The order in which input words are accessed in rounds 2 and 3 is
changed, to make these patterns less like each other.
6. The shift amounts in each round have been approximately
optimized, to yield a faster "avalanche effect." The shifts in different
rounds are distinct.
MD5 HashingMD5 Hashing
 The MD5 message-digest algorithm is a widely used
cryptographic hash function producing a 128-bit (16-byte) hash
value, typically expressed in text format as a 32 digit hexadecimal
number. MD5 were invented by Ron Rivest as an improved
version of MD4.
 MD5 has been utilized in a wide variety of cryptographic
applications, and is also commonly used to verify data integrity. It
is Intended where a large file must be “compressed” in a secure
manner before being encrypted with a private key under a
public-key cryptosystem such as PGP.
 MD5 can be used to store a one-way hash of a password, often
with key stretching.
Security of MD5Security of MD5
 In 2004 it was shown that MD5 is not collision resistant. As
such, MD5 is not suitable for applications like SSL certificates or
digital signatures that rely on this property for digital security.
 Also in 2004 more serious flaws were discovered in MD5,
making further use of the algorithm for security purposes
questionable. Specifically, a group of researchers described how
to create a pair of files that share the same MD5 checksum.
 Further advances were made in breaking MD5 in 2005, 2006,
and 2007.
 In December 2008, a group of researchers used this technique
to fake SSL certificate validity, and CMU Software Engineering
Institute now says that “MD5 should be considered
cryptographically broken and unsuitable for further use"
MD5 : Append bitsMD5 : Append bits
 Step 1. Append padding bits : The message is padded
(extended) so that its length (in bits) is congruent to 448, modulo
512. That is, the message is extended so that it is just 64 bits
shy(Short) of being a multiple of 512 bits long. Padding is
always performed, even if the length of the message is already
congruent to 448, modulo 512 (in which case 512 bits of
padding are added).
 Padding is performed as follows: a single “1” bit is appended
to the message, and then enough zero bits are appended so
that the length in bits of the padded message becomes
congruent to 448, modulo 512. (This padding operation is
invertible, SO that different inputs yield different outputs-this
would not be true if we merely(rarely) padded with 0’s.)
MD5 : Append LengthMD5 : Append Length
 Step 2. Append length: A 64-bit representation of b (the
length of the message before the padding bits were added) is
appended to the result of the previous step. These bits are
appended as two 32-bit words and appended low-order word
first in accordance with the previous conventions. In the unlikely
event that b is greater than 264
, then only the low-order 64 bits of b
are used.
 At this point the resulting message (after padding with bits and
with b) has a length that is an exact multiple of 512 bits.
Equivalently, this message has a length that is an exact multiple
of 16 (32-bit) words. Let M[O.. . N – 1] denote the words of the
resulting message, where N is a multiple of 16.
MD5 : Initialize MD BufferMD5 : Initialize MD Buffer
 Step 3. Initialize MD buffer: A 4-word buffer (A, B, C, D) is
used to compute the message digest. Here each of A, B, C, D is
a 32-bit register. These registers are initialized to the
following values (in hexadecimal, low-order bytes first):
word A: 01 23 45 67
word B: 89 ab cd ef
word C: fe dc ba 98
word D: 76 54 32 10
 There are called chaining variables
MD5 : Process MessageMD5 : Process Message
 Step 4. Process message in 16-word blocks : Process message in 16-
word blocks. It contain 4 round with 16 steps or operation each(MD4
has 3 rounds). It take three 32 bit words as input and produce one 32
bit word as output.
 We first define three auxiliary functions that each take as input three
32-bit words and produce as output one 32-bit word.
F(X,Y,Z) = (X∧Y) ∨ ((¬ X)∧Z) [Step 0 to 15]
G(X,Y,Z) = (X∧Z) ∨ (Y∧(¬ Z)) [Step 16 to 31]
H(X,Y,Z) = X Y Z⊕ ⊕ [Step 32 to 47]
I(X,Y,Z) = Y ⊕ (X∨(¬ Z)) [Step 48 to 64]
 In each bit position f acts as a conditional: if x then y else z. In each bit
position g acts as a majority function: if at least two of x,y, z are one,
then g has a one in that position. The function h is the bit-wise xor or
parity function.
 MD4 utilizes two “magic constants” in rounds two and three. The round
two constant is fi and the round 3 constant is a
MD5 : Output MessageMD5 : Output Message
 Step 5 output : The message digest produced as output is A, B,
C, D. That is, we begin with the low-order byte of A, and end
with the high-order byte of D
Main Loop of MD5
One MD5 OperationOne MD5 Operation
 MD4 consists of 48 of
these operations, grouped
in 3 rounds of 16
operations.
 While MD5 consists of 64
of these operations,
grouped in 4 rounds of
operations.
 F is a nonlinear function;
one function is used in
each round.
 Mi denotes a 32-bit block
of the message input, and
Ki denotes a 32-bit
constant, different for
each operation
MD5 : ApplicationsMD5 : Applications
 MD5 digests have been widely used in the software world to
provide some assurance that a transferred file has arrived
intact. For example, file servers often provide a pre-computed
MD5 (known as Md5sum) checksum for the files, so that a user
can compare the checksum of the downloaded file to it.
 Most unix-based operating
systems include MD5 sum
utilities in their distribution
packages;
 Windows users may install a
Microsoft utility or use third-
party applications.
 Android ROMs also utilize this
type of checksum.
SHA: Secure Hashing AlgorithmSHA: Secure Hashing Algorithm
 The Secure Hash Algorithm is a family of cryptographic hash
functions published by the National Institute of Standards and
Technology (NIST) as a U.S. Federal Information Processing
Standard (FIPS)
 It includes the following variations:
1. SHA
2. SHA-0
3. SHA-1
4. SHA-2
5. SHA-3
 The SHA is called secure because it is designed to be
computationally infeasible to find two different messages which
produce the same message digest. Any change to a message in
transit will result in a different message digest, and the signature
will fail to verify.
 Secure Hash Algorithm (SHA) is necessary to ensure the security
of the Digital Signature Algorithm (DSA).It takes a message of any
length <264
bits as input and produces a 160-bit message digest as
output.
 The message digest is then input to the DSA, which computes the
signature for the message. Signing the message digest rather than
the message often improves the efficiency of the process, because
the message digest is usually much smaller than the message.
SHA: Secure Hashing AlgorithmSHA: Secure Hashing Algorithm
SHA: VariationsSHA: Variations
 SHA: It is the original version and 160-bit hash function
published in 1993.
 SHA-0: A retronym applied to the original version of the 160-
bit hash function published in 1993 under the name "SHA". It
was withdrawn shortly after publication due to an undisclosed
"significant flaw" and replaced by the slightly revised version
SHA-1.
 SHA-1: A 160-bit hash function which resembles the earlier
MD5 algorithm. This was designed by the NSA to be part of the
Digital Signature Algorithm. Cryptographic weaknesses were
discovered in SHA-1, and the standard was no longer approved
for most cryptographic uses after 2010.
SHA: VariationsSHA: Variations
• SHA-2: It is a family of two similar hash functions known as
SHA-256 and SHA-512, with different block sizes. Both
algorithm belongs to SHA-2. They differ in the word size. SHA-
256 uses 32-bit words where SHA-512 uses 64-bit words.
There are also truncated versions of each standard, known as
SHA-224, SHA-384, SHA-512/224 and SHA-512/256. These
were also designed by the NSA.
• SHA-3: A hash function formerly called Keccak, chosen in 2012
after a public competition among non-NSA designers. It
supports the same hash lengths as SHA-2 but its internal
structure differs significantly from the rest of the SHA family.
SHA: Append BitsSHA: Append Bits
 Suppose given a b-bit message as input and we need to find its
message digest.
 Step 1. Append padding bits : The message is padded exactly as
MD5.
 The message is padded (extended) so that its length (in bits) is
congruent to 448, modulo 512. That is, the message is extended
so that it is just 64 bits shy(Short) of being a multiple of 512 bits
long. Padding is always performed, even if the length of the
message is already congruent to 448, modulo 512 (in which case
512 bits of padding are added).
 Padding is performed as follows: a single “1” bit is appended to
the message, and then enough zero bits are appended so that the
length in bits of the padded message becomes congruent to 448,
modulo 512.
 Step 2 – append length: A 64 bit representation of message b is
appended to the result of the previous step . The resulting
message has a length that is an exact multiple of 512 bits.
 Step 3 – Initialize MD Buffer: A five-word buffer (A,B,C,D) is
used to compute the message digest. Here each of A,B,C,D,E is a
32 bit register . These registers are initialized to the following
values in hexadecimal:
Word A : 67 45 23 01
Word B : ef cd ab 89
Word C : 98 ba dc fe
Word D : 10 32 54 76
Word E : c3 d2 e1 f0
 These are called chaining variables
SHA: Append BitsSHA: Append Bits
 Step 4 – Process message in 16-word blocks. It contains 4
rounds with 20 steps or operations each(MD4 has 3 and MD5 has
4rounds). Four auxiliary functions that take three 32 bit as input
words and produce one 32-bit word as output.
ft(X,Y,Z) = (X∧Y) ∨ ((¬ X)∧Z) for t=0 to 19
ft(X,Y,Z) = X Y Z for t=20 to 39⊕ ⊕
ft(X,Y,Z) = (X Y ) (X Z) (Y Z) for t=40 to 59∧ ∨ ∧ ∨ ∧
ft(X,Y,Z) = X Y Z for t=60 to 79⊕ ⊕
 Step 5 – output : The message digest produced as output is A, B,
C, D. That is, output begins with the low-order byte of A, and end
with the high-order byte of E.
SHA: Process MessageSHA: Process Message
SHA-1 VS MD5SHA-1 VS MD5
1. Brute force attack is harder (160 vs 128 bits for MD5)
2. Not vulnerable to any known attacks (compared to
MD4/5)
3. Little slower than MD5 (80 vs 64 steps)
4. Both designed as simple and compact
5. Optimised for big endian CPU's (vs MD5 which is
optimised for little endian CPU’s)
Security of SHASecurity of SHA
 Ron Rivest outlined the improvements of SHA with respect
to MD4 and MD5:
1. “A fourth round has been added.” SHA does this too. But
in SHA 4th
round uses the same f function as the 2nd
round.
2. “ Each step now has a unique additive constant ”. But
SHA reuses the constants for each group of 20 rounds
like the MD4.
3. “The function G in round 2 was changed from ((X∧ Y ) ∨ (
X ∧ Z ) ∨ ( Y ∧ Z )) to ((X∧Z) ∨(Y∧ (¬ Z )) to make G less
symmetric.” SHA uses the MD4 version ((X∧ Y ) ∨ ( X ∧
Z ) ∨ ( Y ∧ Z ))
4. “The order in which message sub-blocks are accessed in
rounds 2 and 3 is changed”. SHA is completely different ,it
uses a cyclic error correcting code.
5. “Each step now adds in the result of the previous step. This
promotes a faster avalanche effect”. SHA also follows this
change
6. “The amounts of left circular shift in each round have been
approximately optimized, to yield a faster avalanche effect.
The four shifts used in each round are different from the
ones used in other rounds.” SHA uses a constant amount of
shifts in each round like MD4
Security of SHASecurity of SHA
ReferencesReferences
 http://en.wikipedia.org/wiki/
 Applied Cryptography by Bruce Schneier; 10th
Anniversary
edition
56
Md. Shakhawat Hossain
Student of Department of Computer Science &
Engineering
University of Rajshahi
E-mail: mshimul86@gmail.com

More Related Content

What's hot

Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to CryptographyMd. Afif Al Mamun
 
Hash Function & Analysis
Hash Function & AnalysisHash Function & Analysis
Hash Function & AnalysisPawandeep Kaur
 
Message Authentication
Message AuthenticationMessage Authentication
Message Authenticationchauhankapil
 
Classical encryption techniques
Classical encryption techniquesClassical encryption techniques
Classical encryption techniquesDr.Florence Dayana
 
Message Authentication Code & HMAC
Message Authentication Code & HMACMessage Authentication Code & HMAC
Message Authentication Code & HMACKrishna Gehlot
 
Block Cipher and its Design Principles
Block Cipher and its Design PrinciplesBlock Cipher and its Design Principles
Block Cipher and its Design PrinciplesSHUBHA CHATURVEDI
 
Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key CryptographyGopal Sakarkar
 
symmetric key encryption algorithms
 symmetric key encryption algorithms symmetric key encryption algorithms
symmetric key encryption algorithmsRashmi Burugupalli
 
2. public key cryptography and RSA
2. public key cryptography and RSA2. public key cryptography and RSA
2. public key cryptography and RSADr.Florence Dayana
 
Information Security & Cryptography
Information Security & CryptographyInformation Security & Cryptography
Information Security & CryptographyArun ACE
 
Block Ciphers and the Data Encryption Standard
Block Ciphers and the Data Encryption StandardBlock Ciphers and the Data Encryption Standard
Block Ciphers and the Data Encryption StandardDr.Florence Dayana
 
Merkle Trees and Fusion Trees
Merkle Trees and Fusion TreesMerkle Trees and Fusion Trees
Merkle Trees and Fusion TreesRohithND
 
Cryptography and Information Security
Cryptography and Information SecurityCryptography and Information Security
Cryptography and Information SecurityDr Naim R Kidwai
 
AES-Advanced Encryption Standard
AES-Advanced Encryption StandardAES-Advanced Encryption Standard
AES-Advanced Encryption StandardPrince Rachit
 

What's hot (20)

Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to Cryptography
 
Hash Function & Analysis
Hash Function & AnalysisHash Function & Analysis
Hash Function & Analysis
 
Message Authentication
Message AuthenticationMessage Authentication
Message Authentication
 
Classical encryption techniques
Classical encryption techniquesClassical encryption techniques
Classical encryption techniques
 
Message Authentication Code & HMAC
Message Authentication Code & HMACMessage Authentication Code & HMAC
Message Authentication Code & HMAC
 
Block Cipher and its Design Principles
Block Cipher and its Design PrinciplesBlock Cipher and its Design Principles
Block Cipher and its Design Principles
 
Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key Cryptography
 
symmetric key encryption algorithms
 symmetric key encryption algorithms symmetric key encryption algorithms
symmetric key encryption algorithms
 
2. public key cryptography and RSA
2. public key cryptography and RSA2. public key cryptography and RSA
2. public key cryptography and RSA
 
Information Security & Cryptography
Information Security & CryptographyInformation Security & Cryptography
Information Security & Cryptography
 
Hash Function
Hash Function Hash Function
Hash Function
 
Message digest 5
Message digest 5Message digest 5
Message digest 5
 
MD-5 : Algorithm
MD-5 : AlgorithmMD-5 : Algorithm
MD-5 : Algorithm
 
Block Ciphers and the Data Encryption Standard
Block Ciphers and the Data Encryption StandardBlock Ciphers and the Data Encryption Standard
Block Ciphers and the Data Encryption Standard
 
Merkle Trees and Fusion Trees
Merkle Trees and Fusion TreesMerkle Trees and Fusion Trees
Merkle Trees and Fusion Trees
 
Cryptography and Information Security
Cryptography and Information SecurityCryptography and Information Security
Cryptography and Information Security
 
AES-Advanced Encryption Standard
AES-Advanced Encryption StandardAES-Advanced Encryption Standard
AES-Advanced Encryption Standard
 
RSA ALGORITHM
RSA ALGORITHMRSA ALGORITHM
RSA ALGORITHM
 
RSA Algorithm
RSA AlgorithmRSA Algorithm
RSA Algorithm
 
Cryptography
CryptographyCryptography
Cryptography
 

Similar to Hashing

Finally, in responding to your peers’ posts, assess your peers’ reco.docx
Finally, in responding to your peers’ posts, assess your peers’ reco.docxFinally, in responding to your peers’ posts, assess your peers’ reco.docx
Finally, in responding to your peers’ posts, assess your peers’ reco.docxRAJU852744
 
unit 4.pptx of hash function in cryptography
unit 4.pptx of hash function in cryptographyunit 4.pptx of hash function in cryptography
unit 4.pptx of hash function in cryptographyNithyasriA2
 
The MD5 hashing algorithm
The MD5 hashing algorithmThe MD5 hashing algorithm
The MD5 hashing algorithmBob Landstrom
 
NSC_Unit-III_final.ppt
NSC_Unit-III_final.pptNSC_Unit-III_final.ppt
NSC_Unit-III_final.pptDrVASAVIBANDE
 
2 Cryptographic_Hash_Functions.pptx
2 Cryptographic_Hash_Functions.pptx2 Cryptographic_Hash_Functions.pptx
2 Cryptographic_Hash_Functions.pptxChinnu Chinnu
 
Password cracking
Password crackingPassword cracking
Password crackingIlan Mindel
 
Information and network security 38 birthday attacks and security of hash fun...
Information and network security 38 birthday attacks and security of hash fun...Information and network security 38 birthday attacks and security of hash fun...
Information and network security 38 birthday attacks and security of hash fun...Vaibhav Khanna
 
Cryptography and Network Security Principles and PracticeSeve.docx
Cryptography and Network Security Principles and PracticeSeve.docxCryptography and Network Security Principles and PracticeSeve.docx
Cryptography and Network Security Principles and PracticeSeve.docxmydrynan
 
secure hash function for authentication in CNS
secure hash function for authentication in CNSsecure hash function for authentication in CNS
secure hash function for authentication in CNSNithyasriA2
 

Similar to Hashing (20)

Hash Function.pdf
Hash Function.pdfHash Function.pdf
Hash Function.pdf
 
Hash crypto
Hash cryptoHash crypto
Hash crypto
 
Hash crypto
Hash cryptoHash crypto
Hash crypto
 
Hash crypto
Hash cryptoHash crypto
Hash crypto
 
Hash crypto
Hash cryptoHash crypto
Hash crypto
 
Hash crypto
Hash cryptoHash crypto
Hash crypto
 
Hash crypto
Hash cryptoHash crypto
Hash crypto
 
Hash crypto
Hash cryptoHash crypto
Hash crypto
 
Finally, in responding to your peers’ posts, assess your peers’ reco.docx
Finally, in responding to your peers’ posts, assess your peers’ reco.docxFinally, in responding to your peers’ posts, assess your peers’ reco.docx
Finally, in responding to your peers’ posts, assess your peers’ reco.docx
 
unit 4.pptx of hash function in cryptography
unit 4.pptx of hash function in cryptographyunit 4.pptx of hash function in cryptography
unit 4.pptx of hash function in cryptography
 
Hashing
HashingHashing
Hashing
 
The MD5 hashing algorithm
The MD5 hashing algorithmThe MD5 hashing algorithm
The MD5 hashing algorithm
 
NSC_Unit-III_final.ppt
NSC_Unit-III_final.pptNSC_Unit-III_final.ppt
NSC_Unit-III_final.ppt
 
2 Cryptographic_Hash_Functions.pptx
2 Cryptographic_Hash_Functions.pptx2 Cryptographic_Hash_Functions.pptx
2 Cryptographic_Hash_Functions.pptx
 
Unit 4
Unit 4Unit 4
Unit 4
 
Password cracking
Password crackingPassword cracking
Password cracking
 
SPIE-2014
SPIE-2014SPIE-2014
SPIE-2014
 
Information and network security 38 birthday attacks and security of hash fun...
Information and network security 38 birthday attacks and security of hash fun...Information and network security 38 birthday attacks and security of hash fun...
Information and network security 38 birthday attacks and security of hash fun...
 
Cryptography and Network Security Principles and PracticeSeve.docx
Cryptography and Network Security Principles and PracticeSeve.docxCryptography and Network Security Principles and PracticeSeve.docx
Cryptography and Network Security Principles and PracticeSeve.docx
 
secure hash function for authentication in CNS
secure hash function for authentication in CNSsecure hash function for authentication in CNS
secure hash function for authentication in CNS
 

More from Hossain Md Shakhawat

More from Hossain Md Shakhawat (20)

Recipe for the effective presentaion
Recipe for the effective presentaionRecipe for the effective presentaion
Recipe for the effective presentaion
 
The Road to Higher study in Japan
The Road to Higher study in JapanThe Road to Higher study in Japan
The Road to Higher study in Japan
 
Application of dfs
Application of dfsApplication of dfs
Application of dfs
 
Breadth first search and depth first search
Breadth first search and  depth first searchBreadth first search and  depth first search
Breadth first search and depth first search
 
Islamic jurisprudence
Islamic jurisprudenceIslamic jurisprudence
Islamic jurisprudence
 
Introduction to Medical Imaging
Introduction to Medical ImagingIntroduction to Medical Imaging
Introduction to Medical Imaging
 
Jpeg compression
Jpeg compressionJpeg compression
Jpeg compression
 
Surah Fatiha
Surah FatihaSurah Fatiha
Surah Fatiha
 
Decision making and looping
Decision making and loopingDecision making and looping
Decision making and looping
 
Decision making and branching
Decision making and branchingDecision making and branching
Decision making and branching
 
Digital signature
Digital signatureDigital signature
Digital signature
 
Caesar cipher
Caesar cipherCaesar cipher
Caesar cipher
 
Rsa rivest shamir adleman
Rsa rivest shamir adlemanRsa rivest shamir adleman
Rsa rivest shamir adleman
 
Fundamentals of cryptography
Fundamentals of cryptographyFundamentals of cryptography
Fundamentals of cryptography
 
Introduction to programming with c,
Introduction to programming with c,Introduction to programming with c,
Introduction to programming with c,
 
Introduction to digital image processing
Introduction to digital image processingIntroduction to digital image processing
Introduction to digital image processing
 
History of computing
History of computingHistory of computing
History of computing
 
Introduction to Printers
Introduction to PrintersIntroduction to Printers
Introduction to Printers
 
Input devices_(Mouse and Keyboard)
Input devices_(Mouse and Keyboard)Input devices_(Mouse and Keyboard)
Input devices_(Mouse and Keyboard)
 
Binary search tree(bst)
Binary search tree(bst)Binary search tree(bst)
Binary search tree(bst)
 

Recently uploaded

The basics of sentences session 4pptx.pptx
The basics of sentences session 4pptx.pptxThe basics of sentences session 4pptx.pptx
The basics of sentences session 4pptx.pptxheathfieldcps1
 
INU_CAPSTONEDESIGN_비밀번호486_업로드용 발표자료.pdf
INU_CAPSTONEDESIGN_비밀번호486_업로드용 발표자료.pdfINU_CAPSTONEDESIGN_비밀번호486_업로드용 발표자료.pdf
INU_CAPSTONEDESIGN_비밀번호486_업로드용 발표자료.pdfbu07226
 
BỘ LUYỆN NGHE TIẾNG ANH 8 GLOBAL SUCCESS CẢ NĂM (GỒM 12 UNITS, MỖI UNIT GỒM 3...
BỘ LUYỆN NGHE TIẾNG ANH 8 GLOBAL SUCCESS CẢ NĂM (GỒM 12 UNITS, MỖI UNIT GỒM 3...BỘ LUYỆN NGHE TIẾNG ANH 8 GLOBAL SUCCESS CẢ NĂM (GỒM 12 UNITS, MỖI UNIT GỒM 3...
BỘ LUYỆN NGHE TIẾNG ANH 8 GLOBAL SUCCESS CẢ NĂM (GỒM 12 UNITS, MỖI UNIT GỒM 3...Nguyen Thanh Tu Collection
 
Dementia (Alzheimer & vasular dementia).
Dementia (Alzheimer & vasular dementia).Dementia (Alzheimer & vasular dementia).
Dementia (Alzheimer & vasular dementia).Mohamed Rizk Khodair
 
會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文
會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文
會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文中 央社
 
Exploring Gemini AI and Integration with MuleSoft | MuleSoft Mysore Meetup #45
Exploring Gemini AI and Integration with MuleSoft | MuleSoft Mysore Meetup #45Exploring Gemini AI and Integration with MuleSoft | MuleSoft Mysore Meetup #45
Exploring Gemini AI and Integration with MuleSoft | MuleSoft Mysore Meetup #45MysoreMuleSoftMeetup
 
Essential Safety precautions during monsoon season
Essential Safety precautions during monsoon seasonEssential Safety precautions during monsoon season
Essential Safety precautions during monsoon seasonMayur Khatri
 
How to Manage Notification Preferences in the Odoo 17
How to Manage Notification Preferences in the Odoo 17How to Manage Notification Preferences in the Odoo 17
How to Manage Notification Preferences in the Odoo 17Celine George
 
TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT VẬT LÝ 2024 - TỪ CÁC TRƯỜNG, TRƯ...
TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT VẬT LÝ 2024 - TỪ CÁC TRƯỜNG, TRƯ...TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT VẬT LÝ 2024 - TỪ CÁC TRƯỜNG, TRƯ...
TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT VẬT LÝ 2024 - TỪ CÁC TRƯỜNG, TRƯ...Nguyen Thanh Tu Collection
 
Championnat de France de Tennis de table/
Championnat de France de Tennis de table/Championnat de France de Tennis de table/
Championnat de France de Tennis de table/siemaillard
 
Danh sách HSG Bộ môn cấp trường - Cấp THPT.pdf
Danh sách HSG Bộ môn cấp trường - Cấp THPT.pdfDanh sách HSG Bộ môn cấp trường - Cấp THPT.pdf
Danh sách HSG Bộ môn cấp trường - Cấp THPT.pdfQucHHunhnh
 
....................Muslim-Law notes.pdf
....................Muslim-Law notes.pdf....................Muslim-Law notes.pdf
....................Muslim-Law notes.pdfVikramadityaRaj
 
MichaelStarkes_UncutGemsProjectSummary.pdf
MichaelStarkes_UncutGemsProjectSummary.pdfMichaelStarkes_UncutGemsProjectSummary.pdf
MichaelStarkes_UncutGemsProjectSummary.pdfmstarkes24
 
Mbaye_Astou.Education Civica_Human Rights.pptx
Mbaye_Astou.Education Civica_Human Rights.pptxMbaye_Astou.Education Civica_Human Rights.pptx
Mbaye_Astou.Education Civica_Human Rights.pptxnuriaiuzzolino1
 
Behavioral-sciences-dr-mowadat rana (1).pdf
Behavioral-sciences-dr-mowadat rana (1).pdfBehavioral-sciences-dr-mowadat rana (1).pdf
Behavioral-sciences-dr-mowadat rana (1).pdfaedhbteg
 
Matatag-Curriculum and the 21st Century Skills Presentation.pptx
Matatag-Curriculum and the 21st Century Skills Presentation.pptxMatatag-Curriculum and the 21st Century Skills Presentation.pptx
Matatag-Curriculum and the 21st Century Skills Presentation.pptxJenilouCasareno
 

Recently uploaded (20)

The basics of sentences session 4pptx.pptx
The basics of sentences session 4pptx.pptxThe basics of sentences session 4pptx.pptx
The basics of sentences session 4pptx.pptx
 
INU_CAPSTONEDESIGN_비밀번호486_업로드용 발표자료.pdf
INU_CAPSTONEDESIGN_비밀번호486_업로드용 발표자료.pdfINU_CAPSTONEDESIGN_비밀번호486_업로드용 발표자료.pdf
INU_CAPSTONEDESIGN_비밀번호486_업로드용 발표자료.pdf
 
“O BEIJO” EM ARTE .
“O BEIJO” EM ARTE                       .“O BEIJO” EM ARTE                       .
“O BEIJO” EM ARTE .
 
BỘ LUYỆN NGHE TIẾNG ANH 8 GLOBAL SUCCESS CẢ NĂM (GỒM 12 UNITS, MỖI UNIT GỒM 3...
BỘ LUYỆN NGHE TIẾNG ANH 8 GLOBAL SUCCESS CẢ NĂM (GỒM 12 UNITS, MỖI UNIT GỒM 3...BỘ LUYỆN NGHE TIẾNG ANH 8 GLOBAL SUCCESS CẢ NĂM (GỒM 12 UNITS, MỖI UNIT GỒM 3...
BỘ LUYỆN NGHE TIẾNG ANH 8 GLOBAL SUCCESS CẢ NĂM (GỒM 12 UNITS, MỖI UNIT GỒM 3...
 
Dementia (Alzheimer & vasular dementia).
Dementia (Alzheimer & vasular dementia).Dementia (Alzheimer & vasular dementia).
Dementia (Alzheimer & vasular dementia).
 
Post Exam Fun(da) Intra UEM General Quiz - Finals.pdf
Post Exam Fun(da) Intra UEM General Quiz - Finals.pdfPost Exam Fun(da) Intra UEM General Quiz - Finals.pdf
Post Exam Fun(da) Intra UEM General Quiz - Finals.pdf
 
會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文
會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文
會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文
 
Exploring Gemini AI and Integration with MuleSoft | MuleSoft Mysore Meetup #45
Exploring Gemini AI and Integration with MuleSoft | MuleSoft Mysore Meetup #45Exploring Gemini AI and Integration with MuleSoft | MuleSoft Mysore Meetup #45
Exploring Gemini AI and Integration with MuleSoft | MuleSoft Mysore Meetup #45
 
Essential Safety precautions during monsoon season
Essential Safety precautions during monsoon seasonEssential Safety precautions during monsoon season
Essential Safety precautions during monsoon season
 
How to Manage Notification Preferences in the Odoo 17
How to Manage Notification Preferences in the Odoo 17How to Manage Notification Preferences in the Odoo 17
How to Manage Notification Preferences in the Odoo 17
 
Word Stress rules esl .pptx
Word Stress rules esl               .pptxWord Stress rules esl               .pptx
Word Stress rules esl .pptx
 
TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT VẬT LÝ 2024 - TỪ CÁC TRƯỜNG, TRƯ...
TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT VẬT LÝ 2024 - TỪ CÁC TRƯỜNG, TRƯ...TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT VẬT LÝ 2024 - TỪ CÁC TRƯỜNG, TRƯ...
TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT VẬT LÝ 2024 - TỪ CÁC TRƯỜNG, TRƯ...
 
Championnat de France de Tennis de table/
Championnat de France de Tennis de table/Championnat de France de Tennis de table/
Championnat de France de Tennis de table/
 
Danh sách HSG Bộ môn cấp trường - Cấp THPT.pdf
Danh sách HSG Bộ môn cấp trường - Cấp THPT.pdfDanh sách HSG Bộ môn cấp trường - Cấp THPT.pdf
Danh sách HSG Bộ môn cấp trường - Cấp THPT.pdf
 
....................Muslim-Law notes.pdf
....................Muslim-Law notes.pdf....................Muslim-Law notes.pdf
....................Muslim-Law notes.pdf
 
MichaelStarkes_UncutGemsProjectSummary.pdf
MichaelStarkes_UncutGemsProjectSummary.pdfMichaelStarkes_UncutGemsProjectSummary.pdf
MichaelStarkes_UncutGemsProjectSummary.pdf
 
Mbaye_Astou.Education Civica_Human Rights.pptx
Mbaye_Astou.Education Civica_Human Rights.pptxMbaye_Astou.Education Civica_Human Rights.pptx
Mbaye_Astou.Education Civica_Human Rights.pptx
 
Behavioral-sciences-dr-mowadat rana (1).pdf
Behavioral-sciences-dr-mowadat rana (1).pdfBehavioral-sciences-dr-mowadat rana (1).pdf
Behavioral-sciences-dr-mowadat rana (1).pdf
 
Matatag-Curriculum and the 21st Century Skills Presentation.pptx
Matatag-Curriculum and the 21st Century Skills Presentation.pptxMatatag-Curriculum and the 21st Century Skills Presentation.pptx
Matatag-Curriculum and the 21st Century Skills Presentation.pptx
 
Operations Management - Book1.p - Dr. Abdulfatah A. Salem
Operations Management - Book1.p  - Dr. Abdulfatah A. SalemOperations Management - Book1.p  - Dr. Abdulfatah A. Salem
Operations Management - Book1.p - Dr. Abdulfatah A. Salem
 

Hashing

  • 2. Hash AlgorithmHash Algorithm  A hash algorithm is a one way function that converts a data string into a numeric string output of fixed length. The output string is generally much smaller than the original data. Therefore it is also called message digest or message compression algorithm.  Hash algorithms are designed to be collision-resistant, meaning that there is a very low probability that the same string would be created for different data.  Two of the most common hash algorithms are the MD5 (Message-Digest algorithm 5) and the SHA-1 (Secure Hash Algorithm). MD5 Message Digest checksums are commonly used to validate data integrity when digital files are transferred or stored.
  • 3. One-way Hash FunctionOne-way Hash Function  The notion of a one-way function is central to public-key cryptography.  A one-way hash function is a mathematical function which takes a variable-length input string (called pre-image) and converts it into a fixed-length binary sequence (called hash value).  It is also known as a message digest, fingerprint or compression function,  Furthermore, a one-way hash function is designed in such a way that it is hard to reverse the process, that is, it is easy to compute a hash value from pre-image but it is hard to generate a pre-image that hashes to a particular value.
  • 4. Documents e.g. 10-MB Hash Value e.g.160-Bit Hash Function Compress Function A one way hash function H(M) operates on an arbitrary length pre-image message M, and return a fixed length hash value h. h=H(M) ,where h is the length of m One-way Hash FunctionOne-way Hash Function
  • 5.  Many functions can take an arbitrary-length input and return an output of fixed length, but one-way hash functions have additional characteristics that make them one-way: 1. It is relatively easy to compute, but significantly harder to reverse. That is, given M it is easy to compute H(M), but given H(M) it is hard to compute x. 2. Moreover it is also very hard to find another message M’ such that H(M’)=H(M). In other words it is collision resistant.  In this context, "hard" is defined as something like: It would take millions of years to compute M from H(M), even if all the computers in the world were assigned to the problem. One-way Hash FunctionOne-way Hash Function
  • 6.  When applying digital signature to a document, we no longer need to encrypt the entire document with a sender's private key, it can be extremely slow. It is sufficient to encrypt the document's hash value instead. Therefor hash algorithm is used to digest the message before applying DSA.  Although a one-way hash function is used mostly for generating digital signatures, it can have other practical applications as well, such as message integrity, password verification, generation of pseudorandom bits, file identification and message authentication code (MAC.)  The Microsoft cryptographic providers support these hash algorithms: MD4, MD5, SHA-1 and SHA256. One-way Hash FunctionOne-way Hash Function
  • 7.  Hash functions of 64 bits are just too small to survive a birthday attack. Most practical one-way hash functions produce 128-bit hashes.  This forces anyone attempting the birthday attack to hash 264 random documents to find two that had the same hash value, not enough for lasting security.  NIST, in its Secure Hash Standard (SHS), uses a 160-bit hash value. This makes the birthday attack even harder, requiring 280 random hashes. Length of One-way HashLength of One-way Hash FunctionFunction
  • 8.  A slight change in an input string should cause the hash value of the function to change drastically. Even if 1 bit is flipped in the input string, at least half of the bits in the hash value will flip as a result. This is called an avalanche effect.  Since it is computationally infeasible to produce a document that would hash to a given value or find two documents with the same hash value.  As there is almost no chance to have the same hash value of two different messages, so it is called collision free or collision resistant.  A document's hash can serve as a cryptographic equivalent of the document. This makes a one-way hash function a central notion in public-key cryptography. Collision ResistanceCollision Resistance
  • 9. Hash CollisionHash Collision  When different input message results in the same hash value, then it is called hash collision.
  • 10. Application: HashingApplication: Hashing PasswordPassword  Hashing passwords: It's a bad idea for computer systems to store passwords in cleartext (in their original form), because if the bad guy can somehow get to where they're stored, he gets all the passwords.  Knowing how many people foolishly use one password at multiple sites, getting a stash from one system may give access to others.  A more secure way is to store a hash of the password, rather than the password itself. Since these hashes are not reversible, there is no way to find out for sure "what password produced this hash?" - and the so consequence of a compromise is much lower.
  • 11. Application: HashingApplication: Hashing PasswordPassword How password is stored using hash “Hello” Hash Algorithm 9a46ba811185c194762 Hash of the Password Stored Original Password Hashed Password
  • 12. Applications of HashApplications of Hash “World” Hash Algorithm Hash of the Password Stored Wrong Password 9a46ba811185c194762er4a46b7w0534894789 Do Hashes Matched? Access GrantedAccess Denied Hash Value Mismatched [Yes][No] How password is verified using hash
  • 13. Application: Verifying theApplication: Verifying the IntegrityIntegrity  Verifying file integrity The most obvious use is "verifying file integrity".  If you have just downloaded a large piece of software from a website, how do you know that you've received it correctly and that it has not been tampered with?  One way is to download the file again and compare the bits: if the bits are the same, you're probably ok, but if they're different, which ones are the right bits?  Finding out means yet another download with compare, and this gets very tedious very quickly. Instead, if the website publishes the hash values of its download bundles, you can check it yourself.
  • 14. Application: With DigitalApplication: With Digital SignatureSignature  Hashing is to digest the original message while signing the document digitally. I agree to pay $50 for the software Hash Algorithm er4a46b7w05348 94789 Encrypt 43985dlfslfnsv90 64klj79dsflk6 Private Key Hash of Document Digital Signature Document to be Signed
  • 15. Trapdoor One-way FunctionTrapdoor One-way Function  A trapdoor one-way function is a special type of one-way function, one with a secret trapdoor. It is easy to compute in one direction and hard to compute in the other direction. But, if you know the secret, you can easily compute the function in the other direction.  That is, it is easy to compute f(x) given x, and hard to compute x given f(x). However, there is some secret information, y, such that given f(x) and y it is easy to compute x.  A watch is a good example of a trap-door one-way function. It is easy to disassemble a watch into hundreds of pieces. It is very difficult to put those tiny pieces back together into a working watch. However, with the assembly instructions it is much easier
  • 16. What is Birthday AttackWhat is Birthday Attack  A birthday attack is a name used to refer to a class of brute- force attacks. It is a type of cryptographic attack that exploits the mathematics behind the birthday problem in probability theory. This attack can be used to abuse communication between two or more parties.  It gets its name from the surprising result that the probability that two or more people in a group of 23 people share the same birthday is greater than 50.7%. Such a result is called a birthday paradox.  Birthday attacks are often used to find collisions of hash functions. However to understand birthday attack we have study the birthday problem.
  • 17. Birthday ProblemBirthday Problem  In probability theory, the birthday problem or birthday paradoxconcerns the probability that, in a set of randomly chosen people, some pair of them will have the same birthday.  By the pigeonhole principle, the probability reaches 100% when the number of people reaches 367, since there are 366 possible birthdays, including February 29.  However, 99.9% probability is reached with just 70 people, and 50% probability with 23 people. These conclusions include the assumption that each day of the year (except February 29) is equally probable for a birthday.  The mathematics behind this problem led to a well-known cryptographic attack called the birthday attack, which uses this probabilistic model to reduce the complexity of finding a collision for a hash function.
  • 18. Mathematical base of BirthdayMathematical base of Birthday ProblemProblem  The problem is to compute the approximate probability that in a group of n people, at least two have the same birthday.  The goal is to compute P(A), the probability that at least two people in the room have the same birthday.  However, it is simpler to calculate P(A'), the probability that no two people in the room have the same birthday. Because A and A' are the only two possibilities and are also mutually exclusive, P(A) = 1 − P(A').  When events are independent of each other, the probability of all of the events occurring is equal to a product of the probabilities of each of the events occurring. Therefore, if P(A') can be described as 23 independent events, P(A') could be calculated as P(1) × P(2) × P(3) × ... × P(23).
  • 19. Mathematical base of BirthdayMathematical base of Birthday ProblemProblem  The 23 independent events correspond to the 23 people, and can be defined in order. Each event can be defined as the corresponding person not sharing his/her birthday with any of the previously analyzed people.  For Event 1, there are no previously analyzed people. Therefore, the probability, P(1), that Person 1 does not share his/her birthday with previously analyzed people is 1, or 100%.  Ignoring leap years for this analysis, the probability of person 1 can also be written as 365/365, for reasons that will become clear below.  For Event 2, the only previously analyzed people are Person 1. Assuming that birthdays are equally likely to happen on each of the 365 days of the year, the probability, P(2), that Person 2 has a different birthday than Person 1 is 364/365. This is because, if Person 2 was born on any of the other 364 days of the year, Persons 1 and 2 will not share the same birthday.
  • 20. Mathematical base of BirthdayMathematical base of Birthday ProblemProblem  Similarly, if Person 3 is born on any of the 363 days of the year other than the birthdays of Persons 1 and 2, Person 3 will not share their birthday. This makes the probability P(3) = 363/365  P(A') is equal to the product of these individual probabilities:  Then  Finally P(A’) = 0.492703  Now as P(A)=1-P(A’) then P(A)= 1- 0.492703= 0.507297 or 50.7%  So the possibility of 2 person in a group of 23 people have same birthday is 50.7%
  • 21. Mathematical base of BirthdayMathematical base of Birthday ProblemProblem  So the possibility of 2 person in a group of 23 people have same birthday is P(A)= 1- P(A‘)  Where P(A’)= is the possibility of not have same birthday, that is for a group of 23 people  Then we can write in general, the possibility of 2 person in a group of n people have same birthday is P(A)= 1- P(A‘)
  • 22. Snefru: Hash AlgorithmSnefru: Hash Algorithm • Snefru is a cryptographic hash function invented by Ralph Merkle in 1990 while working at Xerox PARC. It was named after the Egyptian Pharaoh Sneferu, continuing the tradition of the Khufu and Khafre block ciphers. • The function supports 128-bit and 256-bit output, meaning Snefru hashes arbitrary-length messages into either 128-bit or 256-bit values.  The original design of Snefru was shown to be insecure by Eli Biham and Adi Shamir who were able to use differential cryptanalysis to find hash collisions
  • 23. MD4 HashingMD4 Hashing  Both MD4 and MD5 were invented by Ron Rivest . MD stands for Message Digest. The algorithms produce 128-bit hash values.  It takes a message of arbitrary length as input and produces a 128 bit “fingerprint” or “message digest” or hash value as output .  It is computationally infeasible to produce two messages having the same message digest.  This algorithm has incluenced the posterior algorithms like MD5, SHA and RIPEMD.  MD4 is used to compute NTLM password-derived key digests on Microsoft Windows NT, XP, Vista and 7
  • 24. MD4 HashingMD4 Hashing MD4("The quick brown fox jumps over the lazy dog") = 1bee69a46ba811185c194762abaeae90 Even a small change in the message will (with overwhelming probability) result in a completely different hash, e.g. changing d to c: MD4("The quick brown fox jumps over the lazy cog") = b86e130ce7028da59e672d56ad0113df The hash of the zero-length string is: MD4("") = 31d6cfe0d16ae931b73c59d7e0c089c0
  • 25. MD4 AlgorithmMD4 Algorithm  We begin by supposing that we have a b bit message as input, and that we wish to find its message digest. Here b is an arbitrary nonnegative integer; b may be zero, it need not be a multiple of 8, and it may be arbitrarily large. We imagine the bits of the message written down as follows: m0 m1m2m3... mb-1
  • 26. Little VS Big EndianLittle VS Big Endian  We've defined a word to mean 32 bits. This is the same as 4 bytes. Integers, single-precision floating point numbers, and MIPS instructions are all 32 bits long. How can we store these values into memory? After all, each memory address can store a single byte, not 4 bytes.  The answer is simple. We split the 32 bit quantity into 4 bytes. For example, suppose we have a 32 bit quantity, written as 90AB12CD16, which is hexadecimal. Since each hex digit is 4 bits, we need 8 hex digits to represent the 32 bit value.  So, the 4 bytes are: 90, AB, 12, CD where each byte requires 2 hex digits.  It turns out there are two ways to store this in memory.
  • 27. Little VS Big EndianLittle VS Big Endian Address Value 1000 CD 1001 12 1002 AB 1003 90  In little endian, you store the least significant byte in the smallest address. That is the least significant byte is stored first. Little EndianLittle Endian  In big endian, you store the most significant byte in the smallest address, which is in the reverse order compared to little endian. Address Value 1000 90 1001 AB 1002 12 1003 CD Big EndianBig Endian
  • 28. MD4 : Append bitsMD4 : Append bits  Step 1. Append padding bits : The message is padded (extended) so that its length (in bits) is congruent to 448, modulo 512. That is, the message is extended so that it is just 64 bits shy(Short) of being a multiple of 512 bits long. Padding is always performed, even if the length of the message is already congruent to 448, modulo 512 (in which case 512 bits of padding are added).  Padding is performed as follows: a single “1” bit is appended to the message, and then enough zero bits are appended so that the length in bits of the padded message becomes congruent to 448, modulo 512. (This padding operation is invertible, SO that different inputs yield different outputs-this would not be true if we merely(rarely) padded with 0’s.)
  • 29. MD4 : Append LengthMD4 : Append Length  Step 2. Append length: A 64-bit representation of b (the length of the message before the padding bits were added) is appended to the result of the previous step. These bits are appended as two 32-bit words and appended low-order word first in accordance with the previous conventions. In the unlikely event that b is greater than 264 , then only the low-order 64 bits of b are used.  At this point the resulting message (after padding with bits and with b) has a length that is an exact multiple of 512 bits. Equivalently, this message has a length that is an exact multiple of 16 (32-bit) words. Let M[O.. . N – 1] denote the words of the resulting message, where N is a multiple of 16.
  • 30. MD4 : Initialize MD BufferMD4 : Initialize MD Buffer  Step 3. Initialize MD buffer: A 4-word buffer (A, B, C, D) is used to compute the message digest. Here each of A, B, C, D is a 32-bit register. These registers are initialized to the following values (in hexadecimal, low-order bytes first): word A: 01 23 45 67 word B: 89 ab cd ef word C: fe dc ba 98 word D: 76 54 32 10
  • 31. MD4 : Process MessageMD4 : Process Message  Step 4. Process message in 16-word blocks : Process message in 16- word blocks. It contain 3 round with 16 steps or operation each(MD5 has 4 rounds). It take three 32 bit words as input and produce one 32 bit word as output.  We first define three auxiliary functions that each take as input three 32-bit words and produce as output one 32-bit word. F(X, Y, Z)=(X Y ) (¬X Z) [Step 0 to 15]∧ ∨ ∧ G(X, Y, Z)=(X Y ) (X Z) (Y Z) [Step 16 to 31]∧ ∨ ∧ ∨ ∧ H(X, Y, Z)=X Y Z [Step 32 to 47]⊕ ⊕ Where is XOR,⊕ is AND, is OR and∧ ∨ ¬ is NOT  In each bit position F facts as a conditional: if x then y else z. In each bit position G acts as a majority function: if at least two of x,y, z are one, then G has a one in that position. The function H is the bit-wise xor or parity function.  MD4 utilizes two “magic constants” in rounds two and three.
  • 32. MD4 : Output MessageMD4 : Output Message  Step 5 – output : The message digest produced as output is A, B, C, D. That is, we begin with the low-order byte of A, and end with the high-order byte of D
  • 33. MD4 Design GoalMD4 Design Goal  Rivest outlined his design goals for the algorithm: 1. Security : It is computationally infeasible to find two messages that hashed to the same value. 2. Direct Security : MD4’s security is not based on any assumption rather than the computational efficiency of computer 3. Attack : No attack is more efficient than brute force. 4. Speed : MD4 is suitable for high-speed software implementations. It is based on a simple set of bit manipulations on 32-bit operands. 5. Simplicity and Compactness : MD4 is as simple as possible, without large data structures or a complicated program. 6. Favor Little-Endian Architectures : Meaning it stores the least- significant byte of a word in the low-address byte position(to the right most position).MD4 is optimized for microprocessor architectures (specifically Intel microprocessors); larger and faster computers make any necessary translations.
  • 34. Security of MD4Security of MD4  The security of MD4 has been severely compromised. The first full collision attack against MD4 was published in 1995 and several newer attacks have been published since then. As of 2007, an attack can generate collisions in less than 2 MD4 hash operations. A theoretical preimage attack also exists.  For evaluating the strength of a hash function 2 concepts are in use. 1. Resistant to preimage attack: Given a hash value obtain a message that has the same hash value. 2. Resistant to collision attack: Obtain two message that has the same hash.
  • 35. MD4 VS MD5MD4 VS MD5  Actually both MD4 & MD5 are not encryption algorithm, they are a hash function that produce a 128-bit hash value. These are used with encryption algorithms, sometimes.  The following are the differences between MD4 and MD5: 1. A fourth round has been added. 2. Each step now has a unique additive constant. 3. The function G in round 2 was changed from (XY v XZ v YZ) to (XZ v Y not(Z)) to make G less symmetric. 4. Each step now adds in the result of the previous step. This promotes a faster "avalanche effect". 5. The order in which input words are accessed in rounds 2 and 3 is changed, to make these patterns less like each other. 6. The shift amounts in each round have been approximately optimized, to yield a faster "avalanche effect." The shifts in different rounds are distinct.
  • 36. MD5 HashingMD5 Hashing  The MD5 message-digest algorithm is a widely used cryptographic hash function producing a 128-bit (16-byte) hash value, typically expressed in text format as a 32 digit hexadecimal number. MD5 were invented by Ron Rivest as an improved version of MD4.  MD5 has been utilized in a wide variety of cryptographic applications, and is also commonly used to verify data integrity. It is Intended where a large file must be “compressed” in a secure manner before being encrypted with a private key under a public-key cryptosystem such as PGP.  MD5 can be used to store a one-way hash of a password, often with key stretching.
  • 37. Security of MD5Security of MD5  In 2004 it was shown that MD5 is not collision resistant. As such, MD5 is not suitable for applications like SSL certificates or digital signatures that rely on this property for digital security.  Also in 2004 more serious flaws were discovered in MD5, making further use of the algorithm for security purposes questionable. Specifically, a group of researchers described how to create a pair of files that share the same MD5 checksum.  Further advances were made in breaking MD5 in 2005, 2006, and 2007.  In December 2008, a group of researchers used this technique to fake SSL certificate validity, and CMU Software Engineering Institute now says that “MD5 should be considered cryptographically broken and unsuitable for further use"
  • 38. MD5 : Append bitsMD5 : Append bits  Step 1. Append padding bits : The message is padded (extended) so that its length (in bits) is congruent to 448, modulo 512. That is, the message is extended so that it is just 64 bits shy(Short) of being a multiple of 512 bits long. Padding is always performed, even if the length of the message is already congruent to 448, modulo 512 (in which case 512 bits of padding are added).  Padding is performed as follows: a single “1” bit is appended to the message, and then enough zero bits are appended so that the length in bits of the padded message becomes congruent to 448, modulo 512. (This padding operation is invertible, SO that different inputs yield different outputs-this would not be true if we merely(rarely) padded with 0’s.)
  • 39. MD5 : Append LengthMD5 : Append Length  Step 2. Append length: A 64-bit representation of b (the length of the message before the padding bits were added) is appended to the result of the previous step. These bits are appended as two 32-bit words and appended low-order word first in accordance with the previous conventions. In the unlikely event that b is greater than 264 , then only the low-order 64 bits of b are used.  At this point the resulting message (after padding with bits and with b) has a length that is an exact multiple of 512 bits. Equivalently, this message has a length that is an exact multiple of 16 (32-bit) words. Let M[O.. . N – 1] denote the words of the resulting message, where N is a multiple of 16.
  • 40. MD5 : Initialize MD BufferMD5 : Initialize MD Buffer  Step 3. Initialize MD buffer: A 4-word buffer (A, B, C, D) is used to compute the message digest. Here each of A, B, C, D is a 32-bit register. These registers are initialized to the following values (in hexadecimal, low-order bytes first): word A: 01 23 45 67 word B: 89 ab cd ef word C: fe dc ba 98 word D: 76 54 32 10  There are called chaining variables
  • 41. MD5 : Process MessageMD5 : Process Message  Step 4. Process message in 16-word blocks : Process message in 16- word blocks. It contain 4 round with 16 steps or operation each(MD4 has 3 rounds). It take three 32 bit words as input and produce one 32 bit word as output.  We first define three auxiliary functions that each take as input three 32-bit words and produce as output one 32-bit word. F(X,Y,Z) = (X∧Y) ∨ ((¬ X)∧Z) [Step 0 to 15] G(X,Y,Z) = (X∧Z) ∨ (Y∧(¬ Z)) [Step 16 to 31] H(X,Y,Z) = X Y Z⊕ ⊕ [Step 32 to 47] I(X,Y,Z) = Y ⊕ (X∨(¬ Z)) [Step 48 to 64]  In each bit position f acts as a conditional: if x then y else z. In each bit position g acts as a majority function: if at least two of x,y, z are one, then g has a one in that position. The function h is the bit-wise xor or parity function.  MD4 utilizes two “magic constants” in rounds two and three. The round two constant is fi and the round 3 constant is a
  • 42. MD5 : Output MessageMD5 : Output Message  Step 5 output : The message digest produced as output is A, B, C, D. That is, we begin with the low-order byte of A, and end with the high-order byte of D Main Loop of MD5
  • 43. One MD5 OperationOne MD5 Operation  MD4 consists of 48 of these operations, grouped in 3 rounds of 16 operations.  While MD5 consists of 64 of these operations, grouped in 4 rounds of operations.  F is a nonlinear function; one function is used in each round.  Mi denotes a 32-bit block of the message input, and Ki denotes a 32-bit constant, different for each operation
  • 44. MD5 : ApplicationsMD5 : Applications  MD5 digests have been widely used in the software world to provide some assurance that a transferred file has arrived intact. For example, file servers often provide a pre-computed MD5 (known as Md5sum) checksum for the files, so that a user can compare the checksum of the downloaded file to it.  Most unix-based operating systems include MD5 sum utilities in their distribution packages;  Windows users may install a Microsoft utility or use third- party applications.  Android ROMs also utilize this type of checksum.
  • 45. SHA: Secure Hashing AlgorithmSHA: Secure Hashing Algorithm  The Secure Hash Algorithm is a family of cryptographic hash functions published by the National Institute of Standards and Technology (NIST) as a U.S. Federal Information Processing Standard (FIPS)  It includes the following variations: 1. SHA 2. SHA-0 3. SHA-1 4. SHA-2 5. SHA-3
  • 46.  The SHA is called secure because it is designed to be computationally infeasible to find two different messages which produce the same message digest. Any change to a message in transit will result in a different message digest, and the signature will fail to verify.  Secure Hash Algorithm (SHA) is necessary to ensure the security of the Digital Signature Algorithm (DSA).It takes a message of any length <264 bits as input and produces a 160-bit message digest as output.  The message digest is then input to the DSA, which computes the signature for the message. Signing the message digest rather than the message often improves the efficiency of the process, because the message digest is usually much smaller than the message. SHA: Secure Hashing AlgorithmSHA: Secure Hashing Algorithm
  • 47. SHA: VariationsSHA: Variations  SHA: It is the original version and 160-bit hash function published in 1993.  SHA-0: A retronym applied to the original version of the 160- bit hash function published in 1993 under the name "SHA". It was withdrawn shortly after publication due to an undisclosed "significant flaw" and replaced by the slightly revised version SHA-1.  SHA-1: A 160-bit hash function which resembles the earlier MD5 algorithm. This was designed by the NSA to be part of the Digital Signature Algorithm. Cryptographic weaknesses were discovered in SHA-1, and the standard was no longer approved for most cryptographic uses after 2010.
  • 48. SHA: VariationsSHA: Variations • SHA-2: It is a family of two similar hash functions known as SHA-256 and SHA-512, with different block sizes. Both algorithm belongs to SHA-2. They differ in the word size. SHA- 256 uses 32-bit words where SHA-512 uses 64-bit words. There are also truncated versions of each standard, known as SHA-224, SHA-384, SHA-512/224 and SHA-512/256. These were also designed by the NSA. • SHA-3: A hash function formerly called Keccak, chosen in 2012 after a public competition among non-NSA designers. It supports the same hash lengths as SHA-2 but its internal structure differs significantly from the rest of the SHA family.
  • 49. SHA: Append BitsSHA: Append Bits  Suppose given a b-bit message as input and we need to find its message digest.  Step 1. Append padding bits : The message is padded exactly as MD5.  The message is padded (extended) so that its length (in bits) is congruent to 448, modulo 512. That is, the message is extended so that it is just 64 bits shy(Short) of being a multiple of 512 bits long. Padding is always performed, even if the length of the message is already congruent to 448, modulo 512 (in which case 512 bits of padding are added).  Padding is performed as follows: a single “1” bit is appended to the message, and then enough zero bits are appended so that the length in bits of the padded message becomes congruent to 448, modulo 512.
  • 50.  Step 2 – append length: A 64 bit representation of message b is appended to the result of the previous step . The resulting message has a length that is an exact multiple of 512 bits.  Step 3 – Initialize MD Buffer: A five-word buffer (A,B,C,D) is used to compute the message digest. Here each of A,B,C,D,E is a 32 bit register . These registers are initialized to the following values in hexadecimal: Word A : 67 45 23 01 Word B : ef cd ab 89 Word C : 98 ba dc fe Word D : 10 32 54 76 Word E : c3 d2 e1 f0  These are called chaining variables SHA: Append BitsSHA: Append Bits
  • 51.  Step 4 – Process message in 16-word blocks. It contains 4 rounds with 20 steps or operations each(MD4 has 3 and MD5 has 4rounds). Four auxiliary functions that take three 32 bit as input words and produce one 32-bit word as output. ft(X,Y,Z) = (X∧Y) ∨ ((¬ X)∧Z) for t=0 to 19 ft(X,Y,Z) = X Y Z for t=20 to 39⊕ ⊕ ft(X,Y,Z) = (X Y ) (X Z) (Y Z) for t=40 to 59∧ ∨ ∧ ∨ ∧ ft(X,Y,Z) = X Y Z for t=60 to 79⊕ ⊕  Step 5 – output : The message digest produced as output is A, B, C, D. That is, output begins with the low-order byte of A, and end with the high-order byte of E. SHA: Process MessageSHA: Process Message
  • 52. SHA-1 VS MD5SHA-1 VS MD5 1. Brute force attack is harder (160 vs 128 bits for MD5) 2. Not vulnerable to any known attacks (compared to MD4/5) 3. Little slower than MD5 (80 vs 64 steps) 4. Both designed as simple and compact 5. Optimised for big endian CPU's (vs MD5 which is optimised for little endian CPU’s)
  • 53. Security of SHASecurity of SHA  Ron Rivest outlined the improvements of SHA with respect to MD4 and MD5: 1. “A fourth round has been added.” SHA does this too. But in SHA 4th round uses the same f function as the 2nd round. 2. “ Each step now has a unique additive constant ”. But SHA reuses the constants for each group of 20 rounds like the MD4. 3. “The function G in round 2 was changed from ((X∧ Y ) ∨ ( X ∧ Z ) ∨ ( Y ∧ Z )) to ((X∧Z) ∨(Y∧ (¬ Z )) to make G less symmetric.” SHA uses the MD4 version ((X∧ Y ) ∨ ( X ∧ Z ) ∨ ( Y ∧ Z ))
  • 54. 4. “The order in which message sub-blocks are accessed in rounds 2 and 3 is changed”. SHA is completely different ,it uses a cyclic error correcting code. 5. “Each step now adds in the result of the previous step. This promotes a faster avalanche effect”. SHA also follows this change 6. “The amounts of left circular shift in each round have been approximately optimized, to yield a faster avalanche effect. The four shifts used in each round are different from the ones used in other rounds.” SHA uses a constant amount of shifts in each round like MD4 Security of SHASecurity of SHA
  • 55. ReferencesReferences  http://en.wikipedia.org/wiki/  Applied Cryptography by Bruce Schneier; 10th Anniversary edition
  • 56. 56 Md. Shakhawat Hossain Student of Department of Computer Science & Engineering University of Rajshahi E-mail: mshimul86@gmail.com

Editor's Notes

  1. Compare using the design goals listed earlier. SHA-1 is probbaly the preferred hash function for new applications. Currently no problems are known with it.