leksion 7 hashes and messsage digests
TRANSCRIPT
8/12/2019 Leksion 7 Hashes and messsage digests
http://slidepdf.com/reader/full/leksion-7-hashes-and-messsage-digests 1/28
1
Hashes and MessageDigests
MsC, Ing. Ezmerina [email protected]
8/12/2019 Leksion 7 Hashes and messsage digests
http://slidepdf.com/reader/full/leksion-7-hashes-and-messsage-digests 2/28
2
Overview
HashesAuthentication
MD2MD5SHA
8/12/2019 Leksion 7 Hashes and messsage digests
http://slidepdf.com/reader/full/leksion-7-hashes-and-messsage-digests 3/28
8/12/2019 Leksion 7 Hashes and messsage digests
http://slidepdf.com/reader/full/leksion-7-hashes-and-messsage-digests 4/28
4
How Many Bits forHash?
m bits, takes 2m/2 to find two with the same hash
64 bits, takes 232
messages to search (doable) Need at least 128 bits
8/12/2019 Leksion 7 Hashes and messsage digests
http://slidepdf.com/reader/full/leksion-7-hashes-and-messsage-digests 5/28
8/12/2019 Leksion 7 Hashes and messsage digests
http://slidepdf.com/reader/full/leksion-7-hashes-and-messsage-digests 6/28
6
Using Hash forAuthentication
Alice to Bob: challenge r A Bob to Alice: MD( K AB|r A) Bob to Alice: r B Alice to Bob: MD( K AB|r B) Only need to compare MD results
8/12/2019 Leksion 7 Hashes and messsage digests
http://slidepdf.com/reader/full/leksion-7-hashes-and-messsage-digests 7/28
7
Using Hash to Compute MIC
Cannot just compute MD( m) – Why?MIC: MD( K AB|m )o Allows concatenation with additional message:
MD( K AB|m |m’)• MD through chunk n depends on MD through
chunks n-1 and the data in chunk n
Put secret at the end of message:o MD( m| K AB)o HMAC - MD( K AB|MD( K AB|m ))
8/12/2019 Leksion 7 Hashes and messsage digests
http://slidepdf.com/reader/full/leksion-7-hashes-and-messsage-digests 8/28
8
Using Hash to EncryptOne-time pad:o compute bit streams using MD, K , and IV
• b1=MD( K AB|IV), b i=MD( K AB|b i-1), …
o with message blockso Sender can generate the one-time pad in advance but receiver cannot. Why?
Or mixing in the plaintext to provide integrityo similar to cipher feedback mode (CFB)
• b1=MD( K AB|IV), c1= p1 b1
• b2=MD( K AB| c1), c2= p2 b2
o lose pre-computation capability, gain (some)integrity protection
8/12/2019 Leksion 7 Hashes and messsage digests
http://slidepdf.com/reader/full/leksion-7-hashes-and-messsage-digests 9/28
9
MD2128-bit message digest:o Arbitrary number of bytes of messageo First pad to multiple of 16 bytes
o Append MD2 checksum (16 bytes) to the end• The checksum is almost a MD, but notcryptographically secure by itself.
o Process whole message
8/12/2019 Leksion 7 Hashes and messsage digests
http://slidepdf.com/reader/full/leksion-7-hashes-and-messsage-digests 10/28
10
MD2 PaddingThere must always be paddingIf the message is multiple of 16 bytes, 16 bytes of padding are added
Otherwise the number of bytes (1-15) are addedEach pad byte specifies the number of bytes of padding that was added
8/12/2019 Leksion 7 Hashes and messsage digests
http://slidepdf.com/reader/full/leksion-7-hashes-and-messsage-digests 11/28
11
MD2 ChecksumOne byte at a time, k × 16 stepsmnk : byte nk of messagecn=π (mnk cn-1 ) cn
o C n = (n mod 16)th
byteπ : 0 → 41, 1 → 46, …o Substitution on 0-255
(value of the byte)
8/12/2019 Leksion 7 Hashes and messsage digests
http://slidepdf.com/reader/full/leksion-7-hashes-and-messsage-digests 12/28
12
MD5: Message DigestVersion 5
8/12/2019 Leksion 7 Hashes and messsage digests
http://slidepdf.com/reader/full/leksion-7-hashes-and-messsage-digests 13/28
13
MD5 Box
8/12/2019 Leksion 7 Hashes and messsage digests
http://slidepdf.com/reader/full/leksion-7-hashes-and-messsage-digests 14/28
8/12/2019 Leksion 7 Hashes and messsage digests
http://slidepdf.com/reader/full/leksion-7-hashes-and-messsage-digests 15/28
15
MD5
8/12/2019 Leksion 7 Hashes and messsage digests
http://slidepdf.com/reader/full/leksion-7-hashes-and-messsage-digests 16/28
16
MD5 ProcessAs many stages as the number of 512-bit blocks inthe final padded messageDigest: 4 32-bit words: MD=A|B|C|D
Every message block contains 16 32-bit words:m0|m1|m2…|m 15o Digest MD 0 initialized to:
A=01234567,B=89abcdef,C=fedcba98,
D=76543210o Every stage consists of 4 passes over the message
block, each modifying MD
8/12/2019 Leksion 7 Hashes and messsage digests
http://slidepdf.com/reader/full/leksion-7-hashes-and-messsage-digests 17/28
17
MD5 Blocks
8/12/2019 Leksion 7 Hashes and messsage digests
http://slidepdf.com/reader/full/leksion-7-hashes-and-messsage-digests 18/28
18
MD5Every bit of the hash code is function of every bit inthe inputThe complex repetition of the basic functions F, G, H,
I produces results that are well mixed – It is veryunlikely that two messages chosen at random willhave the same hashMD5 is as strong as a 128-bit hash can be – birthday
attack 2 64
8/12/2019 Leksion 7 Hashes and messsage digests
http://slidepdf.com/reader/full/leksion-7-hashes-and-messsage-digests 19/28
19
Secure Hash Algorithm
Developed by NIST, specified in the Secure HashStandard (SHS, FIPS Pub 180), 1993SHA is specified as the hash algorithm in the DigitalSignature Standard (DSS), NIST
8/12/2019 Leksion 7 Hashes and messsage digests
http://slidepdf.com/reader/full/leksion-7-hashes-and-messsage-digests 20/28
20
General LogicInput message must be < 2 64 bitso not really a problem
Message is processed in 512-bit blocks sequentially
Message digest is 160 bitsSHA design is similar to MD5, but a lot stronger
8/12/2019 Leksion 7 Hashes and messsage digests
http://slidepdf.com/reader/full/leksion-7-hashes-and-messsage-digests 21/28
21
SHA-1
8/12/2019 Leksion 7 Hashes and messsage digests
http://slidepdf.com/reader/full/leksion-7-hashes-and-messsage-digests 22/28
8/12/2019 Leksion 7 Hashes and messsage digests
http://slidepdf.com/reader/full/leksion-7-hashes-and-messsage-digests 23/28
23
Basic Steps...Step 4: the 80-step processing of 512-bit blocks – 4rounds, 20 steps each.
Each step t (0 <= t <= 79):o Input:• W t – a 32-bit word from the message• K t – a constant.
• ABCDE: current MD.o Output:
• ABCDE: new MD.
8/12/2019 Leksion 7 Hashes and messsage digests
http://slidepdf.com/reader/full/leksion-7-hashes-and-messsage-digests 24/28
24
Basic Logic Functions
8/12/2019 Leksion 7 Hashes and messsage digests
http://slidepdf.com/reader/full/leksion-7-hashes-and-messsage-digests 25/28
25
SHA Versus MD5SHA is a stronger algorithm:
Brute-force birthday attacks requires on the orderof 2 80 operations vs. 2 64 for MD5
SHA’s 80 steps and 160 bits hash (vs. 128) requires alittle more computation
8/12/2019 Leksion 7 Hashes and messsage digests
http://slidepdf.com/reader/full/leksion-7-hashes-and-messsage-digests 26/28
26
Revised SHA
8/12/2019 Leksion 7 Hashes and messsage digests
http://slidepdf.com/reader/full/leksion-7-hashes-and-messsage-digests 27/28
27
History of Hash Algorithms
AlgorithmsMD – proprietary, never published, not widely usedMD2 – first public algorithm, oriented towards 8-bit processing,little memory, good for embedded devices
MD3 – immediately superceded by MD4 (never published)MD4 – runs faster than MD2, uses 32-bit operations, becamesuspectMD5 – slightly slower, more conservative
SHA 1 NIST standard similar to MD5 even more conservativeEventually MD2 and MD4 are “broken” – two messages with thesame hash are foundMDs produce 128-bit digests, SHA-1 – 160-bit digest
8/12/2019 Leksion 7 Hashes and messsage digests
http://slidepdf.com/reader/full/leksion-7-hashes-and-messsage-digests 28/28
28
Summary
HashesAuthentication
MD2MD5SHA