HASHING: SHA256TAYLER ANGEVINEBACHELOR OF ARTSDR. KEN BLAHA3/13/2014

INTRODUCTION

Review the hash function SHA-256

Goal: understand how SHA-256 computes it’s hash.

Why have I decided to focus on Sha-256 algorithms? Battle tested Considered to be some of the “safest” algorithms

Bitcoin is based around SHA-256.

The way the algorithm is implemented using MessageDigest left a lot of unknowns. Was under the impression that I would need to code the

algorithm.

MORE INTRO

Named after it’s digest length.

Will not focus on SHA-1 because it has been “broken”

Would rather focus on today’s standard rather than the past.

SHA-384 and SHA-512 because they are essentially the same.

Why go over the code? I believe it is necessary to understand the code

of an algorithm in order to recognize it’s weaknesses or it’s strengths.

WHAT IS A HASH?

Hash function takes a string of any length, and generates fixed-length output data.

It is not reversible. Because you are taking a string and basically

dividing it. Therefore, you are losing information.

If you have lost information about the original input, then it is nearly impossible to reverse the hash.

WHAT MAKES A GOOD HASH?

Same input will always lead to the same output.

Avoids collision attacks

A LITTLE INFORMATION…

Sha 256 is more safe from collision attacks than other algorithms.

MD5 = 128 byte output, 64 bits of security SHA-1 = 160 byte output, 80 bits of security. SHA 256 = 256 byte output, 128 bits of security

What are collision attacks? Find two input strings that produce the same hash.

“abc” “aiieagnea;[sagjeiao;iaeohgao;ejagea”

Hash functions can have infinite input length, but a fixed output.

HOW DOES IT WORK?

Padding aka Preprocessing

Block decomposition

Hash Algorithm

PREPROCESSING

Message (M) is l bits long. Append message with a 1 Followed by n zero bits. N is smallest, non-

negative solution to the equation. L + 1 + n = 448 mod 512

This leaves enough room to append what we have so far with a 64-bit block that equals our message represented in binary. Message = “abc” 24 + 1 + N = 448. N = 423 zero

bits

NOTATION

Algorithm uses AND, XOR, OR, Circular Right Shift, and Logical Right Shifts in order to compute the hash.

AND

p q p AND q

1 1 1

1 0 0

0 1 0

0 0 0

Produces 1 if both p and q are 1’s.

OR

p q p OR q

1 1 1

1 0 1

0 1 1

0 0 0

Produces 1 if p or q are 1

XOR

p q p XOR q

1 1 0

1 0 1

0 1 1

0 0 0

Produces 1 if p or q is 1, but not both.

CIRCULAR SHIFT RIGHT SHR(VARIABLE, NUMBER)

variable: a,b,c,d,e,f,g,h Number: amount of shift.

LOGICAL RIGHT SHIFTROTR(VARIABLE, NUMBER)

Variable: a,b,c,d,e,f,g,h. Number: amount of shifts

EQUATIONS

WHERE IT STARTS TO GET COMPLICATED.

Generally H1 – H8 are set to the first 32 bits of the fractional parts of the square roots of the first eight primes.

EXAMPLE

Square root of 2 = 1.414213562373095048801

Fractional part = 0.41421356237309504.

Hexadecimal = 6A09E667.

WHERE DOES OUR PASSWORD COME INTO PLAY?

Or original password was padded to 512 bytes. Which is 16 words.

A 64 word array is created we will refer to as W

W0 – W15 are initialized to our padded password.

The rest (W16 – W63) are set to a value determined by this function J is just the counter in a for loop.

ALGORITHM COMPUTATION(EXECUTED 64 TIMES)

A – H are initialized with H1 – H8

LAST STEP

Take your original and H1 – H8 add a – h to them.

ISSUES

Putting together a puzzle Some things are difficult to find answers to.

SOURCES

Algorithm http://

csrc.nist.gov/groups/STM/cavp/documents/shs/sha256-384-512.pdf

http://www-ma2.upc.es/~cripto/Q2-06-07/SHA256english.pdf

Actual Implementation http://www.cs.mcgill.ca/~

zcao7/mutls/release/llvm-gcc-4.2-2.9.source/libjava/classpath/gnu/java/security/hash/Sha256.java

http://www.vipan.com/htdocs/bitwisehelp.html

Various Information wikipedia.org/ http://www.makeuseof.com/tag/md5-hash-stuff-means-

technology-explained/

MORE SOURCES

Various Information http://

crypto.stackexchange.com/questions/8636/what-does-message-schedule-mean-in-sha-256

http://docs.oracle.com/javase/7/docs/api/java/security/MessageDigest.html

Converting bytes to a string http://www.mkyong.com/java/how-do-convert-byt

e-array-to-string-in-java/

Hash Calculator http://

www.xorbin.com/tools/sha256-hash-calculator

QUESTIONS?