Hashing algorithms
- Also known as one-way functions, hash functions or message-digest-functions
- Calculates unique fixed-size representation of a block of information.
- Cannot be reversed.
- π Used for
- integrity e.g. when downloading a file in internet, you can compare downloaded files hash with hash given on the website to ensure the right file is downloaded
- storing passwords in a database by e.g. operating systems
- Checksum
- Number created by a message digest.
Collision resistanceβ
- Property of a hash function
- π Computationally infeasible to find two colliding inputs
- See also Collision attack |Β Cryptanalysis
Hash functionsβ
MD5β
- π Most popular message digest algorithm.
- Takes any length of input and produces a 128-bit hash
- Considered very insecure as it is easy to reverse with current processing power
- Still used commonly in integrity checking e.g. file download verification
SHAβ
- Secure Hashing Algorithms
- π Generates a cryptographically secure message digest.
- Published by NIST (National Institute of Standards and Technology)
- Generations
- SHA-0
- Withdrawn shortly after publication due to a flaw and replaced with revised SHA-1
- π SHA-1
- Produces 160-bit digests
- Designated by NSA
- SHA-2
- Primarily SHA-256 (32-bit block words), SHA-512 (64-bit block words)
- Truncated versions: SHA-224, SHA-384, SHA-512/224 and SHA-512/256
- Designated by NSA
- SHA-3
- Chosen after competition by non-NSA designers
- Supports same hash lengths as SHA-2
- Internal structure differs significantly from the rest of the SHA family.
- SHA-0
RIPEMD (RACE Integrity Primitives Evaluation Message Digest)β
- 160-bit hash algorithm
- Working through 80 stages made up of 6 blocks that executes 16 times each
- Using modulo 32 addition
HMACβ
- Expands either as
- Keyed-hash message authentication code
- Hash-based message authentication code
- Uses a combination of a cryptographic key and hash function such as SHA-1 or MD5.
- Used for authentication and integrity checks.
- E.g.
HMAC_SHA256("key", "The quick brown fox jumps over the lazy dog") = f7bc83f430538424b13298e6aa6fb143ef4d59a14946175997479dbc2d1a3cd8
- Uses keyed hashing to generate hashed-based MACs (HMAC).
- Involves hashing a message with a β’ hash function and β’ a secret key.
- Message authentication codes (MACs)
- Cryptographic checksums
- Used to detect when an attacker has tampered with a message
- Keyed hashing vs salted hashes
- Keyed hashing is against tampering, hash salting is against brute-force attacks.
- Salts are not assumed to be secret but keys are.
- HMAC can provide digital signatures without PKI infrastructure
- Delegates the key exchange to the communicating parties
- Parties are responsible for establishing and using a trusted channel to agree on the key prior to communication
Hash function attacksβ
Hash function attack countermeasuresβ
Salted hashβ
- π Hash is used with salt (collection of random bits) to obscure the hash.
- Goal is to increase protection against dictionary and brute-force attacks.
- Usually the salt is stored along with the hash of e.g. password.
- See also Password cracking countermeasures
Key stretchingβ
- Converting a key (e.g. password) to a longer and more random key to e.g. use as encryption.
- Makes encryption stronger as it increases the time and resources for brute-force attacks.
- Usually done by re-hashing multiple (e.g. a few million) times
- E.g. using slow key derivation functions such as PBKDF2