cryptography Hashing algorithms Version: 1.0.2 On this page
Hashing algorithms Also known as one-way functions , hash functions or message-digest-functions Calculates unique fixed-size representation of a block of information. Cannot be reversed. π Used forintegrity e.g. when downloading a file in internet, you can compare downloaded files hash with hash given on the website to ensure the right file is downloaded storing passwords in a database by e.g. operating systems Checksum Number created by a message digest. Collision resistanceβ Hash functionsβ π Most popular message digest algorithm. Takes any length of input and produces a 128-bit hash Considered very insecure as it is easy to reverse with current processing power Still used commonly in integrity checking e.g. file download verification Secure Hashing Algorithms π Generates a cryptographically secure message digest. Published by NIST (National Institute of Standards and Technology) GenerationsSHA-0 Withdrawn shortly after publication due to a flaw and replaced with revised SHA-1 π SHA-1 Produces 160-bit digests Designated by NSA SHA-2 Primarily SHA-256 (32-bit block words), SHA-512 (64-bit block words) Truncated versions: SHA-224, SHA-384, SHA-512/224 and SHA-512/256 Designated by NSA SHA-3 Chosen after competition by non-NSA designers Supports same hash lengths as SHA-2 Internal structure differs significantly from the rest of the SHA family. RIPEMD (RACE Integrity Primitives Evaluation Message Digest)β 160-bit hash algorithm Working through 80 stages made up of 6 blocks that executes 16 times each Using modulo 32 addition Expands either asKeyed-hash message authentication code Hash-based message authentication code Uses a combination of a cryptographic key and hash function such as SHA-1 or MD5. Used for authentication and integrity checks. E.g. HMAC_SHA256("key", "The quick brown fox jumps over the lazy dog") = f7bc83f430538424b13298e6aa6fb143ef4d59a14946175997479dbc2d1a3cd8 Uses keyed hashing to generate hashed-based MACs (HMAC). Involves hashing a message with a β’ hash function and β’ a secret key. Message authentication codes (MACs)Cryptographic checksums Used to detect when an attacker has tampered with a message Keyed hashing vs salted hashes Keyed hashing is against tampering, hash salting is against brute-force attacks. Salts are not assumed to be secret but keys are. HMAC can provide digital signatures without PKI infrastructureDelegates the key exchange to the communicating parties Parties are responsible for establishing and using a trusted channel to agree on the key prior to communication Hash function attacksβ Hash function attack countermeasuresβ Salted hashβ π Hash is used with salt (collection of random bits) to obscure the hash. Goal is to increase protection against dictionary and brute-force attacks. Usually the salt is stored along with the hash of e.g. password. See also Password cracking countermeasures Key stretchingβ Converting a key (e.g. password) to a longer and more random key to e.g. use as encryption. Makes encryption stronger as it increases the time and resources for brute-force attacks. Usually done by re-hashing multiple (e.g. a few million) times E.g. using slow key derivation functions such as PBKDF2