Secure digest functions

Cryptographic Hash Function

A hash function takes binary data (message), and produces a condensed representation, called a hash. The hash is also commonly called a Hash value, Message digest, or Digital fingerprint.

Hashing is based on a one-way mathematical function that is relatively easy to compute, but significantly harder to reverse.

Hashing is designed to verify and ensure:

• Authentication
• Data integrity

Cryptographic hash function is applied in many different situations

To provide proof of authenticity when it is used with a symmetric secret authentication key, such as IP Security (IPsec) or routing protocol authentication.

To provide authentication by generating one-time and one-way responses to challenges in authentication protocols, such as the PPP CHAP.

To provide a message integrity check proof, such as those accepted when accessing a secure site using a browser.

To confirm that a downloaded file (e.g., Cisco IOS images) has not been altered.

Cryptographic Hash Function Properties

 Take an arbitrarily length of clear text data to be hashed.

 Put it through a hash function.

 It produces a fixed length message digest (hash value).

 H(x) is: Relatively easy to computer for any given x. One way and not reversible.

 If a hash function is hard to invert, it is considered a one-way hash.

Well-Known Hash Functions

 Hash functions are helpful when ensuring data is not changed accidentally, such as by a communication error.

 Hash functions cannot be used to guard against deliberate changes.

 There is no unique identifying information from the sender in the hashing procedure, so anyone can compute a hash for any data, as long as they have the correct hash function.

 Hashing is vulnerable to man-in-the-middle attacks and does not provide security to transmitted data.

 Two well-known hash functions are:
• MD5 with 128-bit digests
• SHA-256 with 256-bit digests

MD5 algorithm

MD5 algorithm is a hashing algorithm (digest algorithm)that was developed by Ron Rivest to produce 128 bit message digest. It is used in a variety of Internet applications today

MD5 is quite fast than other versions.
1. Message digest which takes the plain text of 512 bit blocks which is further divided into 16 blocks.
2. Each of 32 bit and produces the 128 bit message digest which is a set of four blocks, each of 32 bits.
3. MD5 produces the message digest through five steps
i. Padding
ii. Append length
iii. Divide input into 512 bit block
iv. Initialize chaining variables a process blocks and 4 rounds.
v. Uses different constant it in each iteration.

How do the MD5 Algorithm works?

Step1: Append Padding Bits

• Adding extra bits to the original message. So in MD5 original message is padded such that its length in bits is congruent to 448 modulo 512. Padding is done such that the total bits are 64 less being a multiple of 512 bits length.
• Padding is done even if the length of the original message is already congruent to 448 modulo 512. In padding bits, the only first bit is 1 and the rest of the bits are 0.

Step 2: Append Length

After padding, 64 bits are inserted at the end which is used to record the length of the original input. Modulo 2⁶⁴. At this point, the resulting message has a length multiple of 512 bits.

Step 3: Initialize MD buffer

A four-word buffer (A, B, C, D) is used to compute the values for the message digest. Here A, B, C, D are 32- bit registers and are initialized in the following way

Step 4: Processing message in 16-word block

MD5 uses the auxiliary functions which take the input as three 32-bit number and produces a 32-bit output. These functions use logical operators like OR, XOR, NOR.

The content of four buffers are mixed with the input using this auxiliary buffer and 16 rounds are performed using 16 basic operations.

Output-

After all, rounds have performed the buffer A, B, C, D contains the MD5 output starting with lower bit A and ending with higher bit D.

Use of MD5 Algorithm

The main objective of security as it takes an input of any size and produces an output if a 128-bit hash value.

To be considered cryptographically secure MD5 should meet two requirements:

1. Cannot generate two inputs that cannot produce the same hash function.
2. Cannot generate a message having the same hash value.

Initially, MD5 was developed to store one way hash of a password and some file servers also provide pre-computed MD5 checksum of a file so that the user can compare the checksum of the downloaded file to it.

Most Unix based Operating Systems include MD5 checksum utilities in their distribution packages.

Advantages and Disadvantages of MD5 Algorithm

Below are the advantages and disadvantages explained:

Advantages

• MD5 Algorithms are useful because it is easier to compare and store these smaller hashes than to store a large text of variable length. It is a widely used algorithm for one way hashes that are used to verify without necessarily giving the original value. MD5 Algorithm is used by Unix systems to store the passwords of the user in a 128-bit encrypted format. MD5 algorithms are widely used to check the integrity of the files.
• Moreover, it is very easy to generate a message digest of the original message using this algorithm.It can perform the message digest of a message having any number of bits, it is not limited to message in the multiples of 8, unlike MD5 sum which is limited to octets.

Disadvantages

• But from many years MD5 has prone to hash collision weakness, it is possible to create the same hash function for two different inputs. MD5 provides no security over these collision attacks. Instead of MD5, SHA (Secure Hash Algorithm, which produces 160-bit message digest and designed by NSA to be a part of digital signature algorithm) is now acceptable in the cryptographic field for generating the hash function as it is not easy to produce SHA-I collision and till now no collision has been produced yet.
• Moreover, it is quite slow then the optimized SHA algorithm. SHA is much secure than MD5 algorithm and moreover,
• It can be implemented in existing technology with exceeding rates, unlike MD5. Nowadays ther are new hashing algorithms are coming up in the market keeping in mind higher security of data like SHA256 (which generates 256 bits signature of a text).

Summary

Nowadays with the storage of all the data on cloud and internet, it is very important to keep the security of that data at the utmost priority. The most secure algorithm should be adopted to encrypt private data. Recent studies show that the SHA algorithm should be given paramount importance over MD5 as MD5 is more vulnerable to collision attacks. Although researchers are proposing new algorithms that are secure and least vulnerable to attacks like SHA256.

SHA algorithm

Introduction to SHA Algorithm

SHA algorithm is Secure Hash algorithm developed by U.S. National Institute of Standards and Technology (NIST) developed SHA, the algorithm specified in the Secure Hash Standard (SHS).

SHA is designed to obtain the original message, given its message digest and to find the message producing the same message digest.

SHA-1, published in 1994, corrected an unpublished flaw in SHA.

SHA design is very similar to the MD4 and MD5 hash functions that Ron Rivest developed.

Slightly slower than MD5, but the larger message digest makes it more secure against brute-force collision and inversion attacks.

What is SHA Algorithm?

SHA-1 algorithm produces a 160-bit message digest by taking a message of less than 264 bits in length. In the field of cryptography and crypt analytics, the SHA-1 algorithm is a crypt-formatted hash function that is used to take a smaller input and produces a string which is 160 bits (20-byte hash value long). The hash value generated is known as a message digest which is typically rendered and produced as a hexadecimal number which is specifically 40 digits long.

Characteristics

• The cryptographic hash functions are utilized and used in order to keep and store the secured form of data by providing specifically three different kinds of characteristics.
  1. Pre-image resistance which is also known as the first level of image resistance
  2. The second level of pre-image resistance.
  3. Collision resistance.
• For the Hackers or attackers hard and time consuming because the cornerstone lies in the fact that the pre-image crypt resistance technique to find the original intended message by providing the respective hash value.
• The security is provided by the nature of a one way that has a function which is mostly the key component of SHA algorithm. The pre-image resistance is important to clear off brute force attacks from a set of huge and powerful machines.
• The second resistance technique is applied where the attacker has to go through a hard time in decoding the next error message even when the first level of the message has been decrypted.
• The last and the most difficult to crack is the collision resistance which makes it extremely hard for the attacker to find two completely different messages which hash to the same hash value.

Types of SHA Algorithm

The Different Types of SHA algorithm :

1. SHA-0

It is a retronym that is applied to the basic version of the year-old 160 bit or 20-byte long hash function. It was published back in 1993 with the name of the SHA algorithm. The SHA-1 came because SHA-0 has been withdrawn very shortly after it was published due to a major flaw.

2. SHA-1

It is a 20-byte long or a 160 bit hash-based function-based encryption mechanism that is used to resemble the year-old MD5 algorithm. The algorithm was designed and developed by the NSA (National Security Agency) and was supposed to be the part of the critical component- Digital Signature Algorithm (DSA). This was withdrawn because of the weaknesses which were related to the cryptographic techniques.

3. SHA-2

This forms a family of 2 identical hash functions which consist of differently sized block sizes which are known to be SHA-512 and SHA-256 (differ mainly in the word size). The former one consists of the word value range of 32 words whereas the latter one consists of the 64-bit word value. The truncated versions of these values are the ones such as SHA-224, SHA-384 and SHA-512 and SHA-224 or SHA-256.

4. SHA-3

This is the encryption technique is mainly used today which makes use of the hash function named Keccak. The length supported is the same as that of SHA-2, but the major difference is lies in the fact that this one is structurally different, as it is based on a wide range of random function generation which typically supports all random permutations and thereby allowing inputting or absorbing, as it is called, any amount of data presented and outputting or squeezing the presented data. While doing all this, this acts as a pseudorandom function for all the inputs provided which therefore leads to greater flexibility.

Uses of SHA Algorithm

1. These SHA algorithms are widely used in security protocols and applications including the ones such as TLS, PGP, SSL, IPsec, and S/MiME.

2. These is also find used place in all the majority of cryptanalytic techniques and coding standards which is mainly aimed to see the functioning and working of majorly all governmental as well as private organizations and institutions.
Eg: Major giants today such as Google, Microsoft or Mozilla have started to recommend the use of SHA-3 and stop the usage of the SHA-1 algorithm.

Summary

The SHA providing additional layer of security to the increasing and the massive data you have to deal with. Hackers and attackers always will keep eye on finding a vulnerability in all the newer forms of hashing techniques being used. We have to ensure that we are prompt enough to be more secure than letting our data fall prey to it.

Hope you liked my article. Stay tuned for more articles like these.