Chapter 5: Hashes and Message Digests - PowerPoint PPT Presentation

Slides: 19
Provided by: muk1
Learn more at: https://www.cs.odu.edu
Transcript and Presenter's Notes

1
Chapter 5 Hashes and Message Digests
  • CS 772/872 Fall 2005

2
  • A hash, or message digest, is a one-way function
    since it is not practical to reverse.
  • A function is cryptographically secure if it is
    computationally infeasible to find:
      • a message that has a given message digest.
      • a different message with the same message
        digest.
      • two messages that have the same message digest.

3
Major Algorithms
  • Ron Rivest: Message Digest MD family (MD2, MD4 and
    MD5), 128-bit.
  • NIST: Secure Hash Algorithm SHA-1, 160-bit.
  • They take an arbitrary-length string and map it
    to a fixed-length quantity that appears to be
    randomly chosen. For example, two inputs that
    differ by only one bit should have outputs that
    look like completely independently chosen random
    numbers.

4
The Birthday Problem
  • What is the minimum number of persons in a room
    so that the odds are better than 50% that two of
    them will have the same birthday? 23 persons.
  • Why? Let n be the number of persons and k be the
    number of birth dates ($k = 365$). There are
    $P = n(n-1)/2$ pairs of persons. The probability that
    a given pair have the same birth date is $1/k$.
    Therefore we need at least $k/2$ pairs for a 50%
    probability of finding a match, since
  • $1/k + 1/k + \dots + 1/k = P \cdot (1/k) > 1/2 \Rightarrow P > k/2 \Rightarrow n(n-1)/2 > k/2 \Rightarrow n(n-1) > k \Rightarrow n^2 > k$, or $n \approx \sqrt{k}$.
  • In general, if the message digest is m bits
    then $k = 2^m$ and we need to examine at least $2^{m/2}$
    messages before we could find two messages with
    the same digest; e.g., if $m = 128$ we need $2^{64}$
    messages.
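
The two numbers on this slide can be checked directly. The following is an added example, not part of the original slides: it computes the exact group size for k = 365 and then searches for a real collision on a digest truncated to m bits, which takes on the order of 2^(m/2) messages. Truncated SHA-256 stands in for an m-bit digest, and the function names and counter messages are constructed for the illustration.

```python
import hashlib

def min_group(k, p=0.5):
    """Smallest n such that n uniform draws from k values collide with probability > p."""
    no_match, n = 1.0, 0
    while 1.0 - no_match <= p:
        no_match *= (k - n) / k   # the next draw must avoid the n values already used
        n += 1
    return n

def truncated(msg, m_bits):
    """First m_bits of SHA-256(msg) as an integer: a stand-in for an m-bit digest."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") >> (256 - m_bits)

def find_collision(m_bits):
    """Hash distinct counter strings until two of them share an m-bit digest."""
    seen = {}
    i = 0
    while True:
        msg = b"msg-%d" % i           # constructed sample messages
        h = truncated(msg, m_bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
        i += 1

if __name__ == "__main__":
    print("k = 365:", min_group(365), "persons")
    for m in (16, 24, 32):
        a, b, tries = find_collision(m)
        print(f"m = {m}: collision after {tries} messages, 2^(m/2) = {2 ** (m // 2)}")
```

The search cost grows with the square root of the digest space, which is why a 128-bit digest offers only about 64 bits of collision resistance.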

5
Things to do with a Hash
  • Authentication
  • Computing a MAC
  • Encryption
  • Using Secret Key for a Hash

6
Authentication
  • Alice authenticating Bob
  •   Alice                          Bob
  •   challenge:   r  >>>>>>>>>>  r
  •   response:    d  <<<<<<<<<<  d = MD(K|r)
  • r is a random number; MD(K|r) is the message digest
    of K concatenated with r. Alice computes MD(K|r), and
    if it equals d, then Bob must know K.

7
Computing a MAC
  • Using Secret Key K between Alice and Bob
  •   Alice sends                   Bob receives
  •   m,d  >>>>>>>>>>  m,d; OK if d = MD(K|m)
  • where d = MD(K|m)
  • K is the shared secret between Alice and Bob
  • This works, except that most MD algorithms have
    the following idiosyncratic property:
  • if d = MD(x), d' = MD(x|y), then d' = dMD(y)
  • Thus an attacker may intercept <m,d> and replace
    it with <m',d'>, where m' = m|y and d' = dMD(y).
    Bob receives <m',d'> and will find that d' =
    MD(K|m').
  • How to avoid this flaw?
  • Compute MD(m|K) instead of MD(K|m).
  • Compute MD(K|m|K)
  • Compute MD(K|MD(K|m))
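
The property above, worked through with MD5 as an added example (not part of the original slides): MD5 outputs its internal state as the digest, so anyone holding d = MD(K|m) can resume hashing from d, while the third fix on this slide, MD(K|MD(K|m)), rejects the same extension. The extended message also has to carry MD5's own padding of K|m (`glue` below); the key and messages are constructed, the key length is assumed known, and `compress`, `md_pad`, `extend` and `demo` are names chosen here.

```python
import hashlib, hmac, math, struct

S = [7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 + [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4
T = [int(abs(math.sin(i + 1)) * 2**32) for i in range(64)]   # MD5 round constants
IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476)
MASK = 0xFFFFFFFF

def md_pad(n):
    """MD5 padding for an n-byte input: 0x80, zeros, 64-bit little-endian bit count."""
    return b"\x80" + b"\x00" * ((55 - n) % 64) + struct.pack("<Q", n * 8)

def compress(data, state=IV):
    """Run MD5's compression function over whole 64-byte blocks, starting from state."""
    for off in range(0, len(data), 64):
        M = struct.unpack("<16I", data[off:off + 64])
        a, b, c, d = state
        for i in range(64):
            if i < 16:   f, g = (b & c) | (~b & d), i
            elif i < 32: f, g = (d & b) | (~d & c), (5 * i + 1) % 16
            elif i < 48: f, g = b ^ c ^ d, (3 * i + 5) % 16
            else:        f, g = c ^ (b | ~d), (7 * i) % 16
            f = (f + a + T[i] + M[g]) & MASK
            a, d, c = d, c, b
            b = (b + ((f << S[i]) | (f >> (32 - S[i])))) & MASK
        state = tuple((x + y) & MASK for x, y in zip(state, (a, b, c, d)))
    return state

def extend(d, covered, y):
    """From d = MD(x) and covered = len(x) only, return (glue, MD(x | glue | y))."""
    glue = md_pad(covered)
    tail = y + md_pad(covered + len(glue) + len(y))
    return glue, struct.pack("<4I", *compress(tail, struct.unpack("<4I", d)))

def demo():
    K = b"constructed-shared-key"              # constructed sample secret
    m, y = b"amount=10", b"&amount=9999"       # constructed sample messages
    mac1 = lambda msg: hashlib.md5(K + msg).digest()                             # MD(K|m)
    mac2 = lambda msg: hashlib.md5(K + hashlib.md5(K + msg).digest()).digest()   # MD(K|MD(K|m))
    out = []
    for mac, covered in ((mac1, len(K) + len(m)), (mac2, len(K) + 16)):
        glue, forged = extend(mac(m), covered, y)   # computed without using K
        out.append(hmac.compare_digest(mac(m + glue + y), forged))
    return tuple(out)   # (does the extension verify under MD(K|m)?, under MD(K|MD(K|m))?)

if __name__ == "__main__":
    print(demo())
```

A verifier that accepts any message whose tag matches MD(K|m) accepts the extended message; under the nested construction the outer digest covers only K and a fixed-length inner digest, so resuming from the tag yields a value the verifier never computes.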

8
Encryption
  • Generating one-time pad
  • Both Alice and Bob know the shared secret K and
    generate
  •   $b_1 = \mathrm{MD}(K)$,  $b_i = \mathrm{MD}(K|b_{i-1})$,  $i = 2, 3, \dots$
  • Alice sends $c_i = m_i \oplus b_i$  >>  Bob receives $c_i$ and
    computes
  •   $m_i = c_i \oplus b_i$
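
The pad generation above as an added example (not from the original slides), using MD5 as MD. It goes one step beyond the slide by also checking what happens when two messages are sent under the same K: nothing but K feeds the pad, so both messages get the same pad. The key, messages and function names are constructed for the illustration.

```python
import hashlib

def keystream(K, n):
    """First n pad bytes: b1 = MD(K), bi = MD(K | b(i-1))."""
    out, block = b"", hashlib.md5(K).digest()
    while len(out) < n:
        out += block
        block = hashlib.md5(K + block).digest()
    return out[:n]

def xor(a, b):
    """Byte-wise XOR of two byte strings (truncated to the shorter one)."""
    return bytes(x ^ y for x, y in zip(a, b))

def crypt(K, data):
    """ci = mi XOR bi; the same call decrypts, since XOR is its own inverse."""
    return xor(data, keystream(K, len(data)))

def demo():
    K = b"constructed-shared-secret"                # constructed sample key
    m1 = b"first constructed message under key K"   # constructed sample plaintexts
    m2 = b"second constructed message, same key!"
    c1, c2 = crypt(K, m1), crypt(K, m2)
    roundtrip = crypt(K, c1) == m1
    # Pad reuse: b1, b2, ... are identical for both messages, so the pad
    # cancels out and c1 XOR c2 equals m1 XOR m2 for anyone observing both.
    leak = xor(c1, c2) == xor(m1, m2)
    return roundtrip, leak

if __name__ == "__main__":
    print(demo())
```

A pad is one-time only if its input changes per message, for example by mixing a fresh, non-secret value into the first block alongside K.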

9
Using Secret Key for a Hash
  • Unix Password Hash
  • Unix uses DES' to compute the hash of a
    password, which it then stores. (It uses a
    modified DES to prevent DES hardware from
    cracking Unix passwords.)
  • DES secret key: Pack the 7-bit ASCII associated
    with each of the first 8 characters of the
    password into a 56-bit DES key.
  • Salt: A 12-bit random number (salt) is stored with
    the hashed password (to prevent dictionary
    attack). The salt is used to modify the DES data
    expansion algorithm (expand R from 32 to 48 bits).
  • Hashed password: The modified DES is used with
    the secret key to encrypt the constant 0. The
    result is stored with the salt as the user's
    hashed password.

10
MD2
  • It takes a message of arbitrary length and
    produces a 128-bit message digest.
  • Padding
  • The message must be a multiple of 16 octets. If
    the message is already a multiple of 16 octets, 16
    octets of padding are added; otherwise r octets
    ($1 \le r \le 15$) are added. Each pad octet contains
    the value r. Note that there must always be
    padding.
  • Example: consider a message m = "abcdefghij" of
    10 bytes; the value of r is 6 and the message is
    padded as follows: "abcdefghij666666".
  • Checksum (Figure 5-4)
  • A 16-byte checksum is appended to the message
    before computing the MD.

14
MD4
  • Was designed to be 32-bit-word-oriented so that
    it can be computed faster on 32-bit CPUs than
    the octet-oriented MD2.

15
MD5
  • Was designed to be more concerned with security
    than speed.
  • All the MD family algorithms produce 128-bit
    digests.

16
SHA-1
  • Designed by NIST to produce 160-bit digests (it
    is more secure than MD5 but a little slower).

17
HMAC (hash-based MAC)
  • HMAC prepends the key to the data, digests it,
    and then prepends the key to the result and
    digests that. It takes a variable-length key and
    a variable-sized message and produces a
    fixed-size output that is the same size as the
    underlying digest algorithm. The key is padded
    with 0s to 512 bits.
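
The construction summarized above, written out as an added example (not part of the original slides). In the standard definition (RFC 2104), the zero-padded key is XORed with the constant byte 0x36 before the inner digest and 0x5C before the outer one, and a key longer than one 512-bit block is digested first. `hmac_manual` and `verify` are names chosen here, and the result is checked against Python's own `hmac` module.

```python
import hashlib, hmac

BLOCK = 64   # 512-bit input block of MD5 and SHA-1

def hmac_manual(key, msg, hash_name="md5"):
    """HMAC built from the digest alone: H((K ^ opad) | H((K ^ ipad) | msg))."""
    H = lambda data: hashlib.new(hash_name, data).digest()
    if len(key) > BLOCK:                 # over-long keys are digested first
        key = H(key)
    key = key.ljust(BLOCK, b"\x00")      # "the key is padded with 0s to 512 bits"
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    return H(opad + H(ipad + msg))       # output size equals the digest size

def verify(key, msg, tag, hash_name="md5"):
    """Constant-time comparison, so the check does not leak how many bytes matched."""
    return hmac.compare_digest(hmac_manual(key, msg, hash_name), tag)

if __name__ == "__main__":
    key, msg = b"constructed-key", b"constructed message"   # constructed sample values
    tag = hmac.new(key, msg, "md5").digest()                # library reference value
    print(hmac_manual(key, msg) == tag, verify(key, msg + b"!", tag))
```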
