11 Hash functions
Hiteishi Diwanji
Cryptographic Hash functions:
- A hash function H accepts a variable-length block of data M as input and produces a fixed-size hash value h = H(M).
- For security applications, cryptographic hash functions are required.
- A cryptographic hash function is an algorithm for which it is computationally infeasible to find either (a) a data object that maps to a pre-specified hash result or (b) two data objects that map to the same hash result.
Requirements and Security:
- Preimage – for a hash value h = H(x), x is called the preimage.
- A collision occurs if x ≠ y and H(x) = H(y).
- Preimage resistant – the one-way property. It is easy to generate a code given a message, but virtually impossible to generate a message given a code.
- Second preimage resistant – it is computationally infeasible to find an alternative message with the same hash value.
Two categories of attack:
- Brute force attack
- Cryptanalysis
Secure Hash Algorithm – SHA 512:
- Input: a message with a maximum length of less than $2^{128}$ bits.
- Output: a 512-bit message digest.
- Input processing is done in 1024-bit blocks.
Step 1: Append padding bits
- The message is padded so that its length is congruent to 896 modulo 1024.
- Even if the message is already of the desired length, padding is always done.
- The number of padding bits is between 1 and 1024.
- The padding consists of a single 1 bit followed by the necessary number of 0 bits.
Step 2: Append length
- A block of 128 bits is appended to the message.
- This contains the length of the original message.
Step 3: Initialize hash buffer
- A 512-bit buffer is used to hold intermediate and final results of the hash function.
- The buffer is eight 64-bit registers (a, b, c, d, e, f, g, h).
- These registers are initialized as follows:
- a = 6A09E667F3BCC908
- b = BB67AE8584CAA73B
- c = 3C6EF372FE94F82B
- d = A54FF53A5F1D36F1
- e = 510E527FADE682D1
- f = 9B05688C2B3E6C1F
- g = 1F83D9ABFB41BD6B
- h = 5BE0CD19137E2179
Step 4: Process message in 1024-bit (128-word) blocks.
- 80 rounds are performed.
- Each round takes the 512-bit buffer value abcdefgh as input and updates the contents of the buffer.
- At the input of the first round, the buffer has the value of the intermediate hash value, $H_{i-1}$.
- Each round t makes use of a 64-bit value $W_t$ derived from the current 1024-bit block being processed ($M_i$).
- Each round uses an additive constant $K_t$, where $0 \le t \le 79$.
- The output of the eightieth round is added to the input to the first round ($H_{i-1}$) to produce $H_i$.
- The addition is done independently for each of the eight words in the buffer with the corresponding word in $H_{i-1}$, using addition modulo $2^{64}$.
SHA 512 Round Function :
Behavior of SHA-512:
- $H_0 = IV$
- $H_i = \mathrm{SUM}_{64}(H_{i-1}, abcdefgh_i)$
- $MD = H_N$
- $IV$ = initial value of the abcdefgh buffer
- $abcdefgh_i$ = the output of the last round of processing of the i-th message block
- $N$ = the number of blocks in the message (including padding and length field)
- $\mathrm{SUM}_{64}$ = addition modulo $2^{64}$ performed separately on each word of the pair of inputs
- $MD$ = final message digest
Applications of hash functions:
- Message authentication
- Digital signature