Cryptographic Hash Functions
01204427
June 2012
Topics
• Overview of Cryptography Hash Function
• Usages
• Properties
• Hashing Function Structure
• Attack on Hash Function
• The Road to new Secure Hash Standard
Hash Function
• Condenses an arbitrary message to a fixed size: h = H(M)
• The hash value concisely represents the longer message
  • may be called the message digest
• A message digest is like a "digital fingerprint" of the original document
Chewing functions
• Hashing function as a "chewing" or "digest" function
Hashing V.S. Encryption
• Hashing is one-way. There is no 'de-hashing'
• Encryption is two way, and requires a key to encrypt/decrypt
[Figure: encryption E with key k turns the plaintext "Hello, world. A sample sentence to show encryption." into ciphertext, and decryption D with key k turns the ciphertext back into the plaintext. Hash function h takes the text "This is a clear text that can easily read without using the key. The sentence is longer than the text above." and outputs the digest 52f21cf7c7034a20 17a21e17e061a863.]
Motivation for Hash Algorithms
• Intuition
  • Limitation of non-cryptographic checksums
  • Very possible to construct a message that matches the checksum
• Goal
  • Design a code where the original message cannot be inferred from its checksum
  • such that an accidental or intentional change to the message will change the hash value
Hash Function Applications
• Used Alone
  • Fingerprint -- file integrity verification, public key fingerprint
  • Password storage (one-way encryption)
• Combined with encryption functions
  • Hash based Message Authentication Code (HMAC)
    • protects both a message's integrity and confidentiality
  • Digital signature
    • Ensuring Non-repudiation
    • Encrypt hash with private (signing) key and verify with public (verification) key
Integrity
• to create a one-way password file
  • store hash of password not actual password
• for intrusion detection and virus detection
  • keep & check hash of files on system
Password Verification
[Figure: Store Hashing Password. The password "Iam#4VKU" is passed through hash function h and the digest 661dce0da2bcb2d8 2884e0162acf8194 is written to the password store.]
[Figure: Verification of an input password against the stored hash. The input "Iam#4VKU" is hashed with h and compared with the digest in the password store. Hash matching exactly? Yes: Grant. No: Deny.]
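The store-and-compare flow in the two diagrams above, as an added example that is not part of the original slides: the unsalted single hash the slide depicts, next to a salted and iterated variant. SHA-256 standing in for h, the record layout, the function names and the iteration count are assumptions of this example.

```python
import hashlib
import hmac
import os

SAMPLE_PASSWORD = "Iam#4VKU"  # the sample password shown on the slide


def naive_record(password: str) -> str:
    """Slide's flow: store h(password) only. SHA-256 stands in for h (assumption)."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def naive_verify(password: str, stored: str) -> bool:
    """Hash the input and compare it with the stored digest in constant time."""
    return hmac.compare_digest(naive_record(password), stored)


def hardened_record(password: str, iterations: int = 600_000) -> str:
    """Per-user random salt plus an iterated hash (PBKDF2-HMAC-SHA256).

    The layout "algo$iterations$salt$hash" is a convention made up for this
    example, not a standard format.
    """
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), dk.hex())


def hardened_verify(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count, then compare."""
    try:
        algo, iterations, salt_hex, hash_hex = record.split("$")
        if algo != "pbkdf2_sha256":
            return False
        expected = bytes.fromhex(hash_hex)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    except ValueError:
        return False  # malformed record: deny rather than crash
    return hmac.compare_digest(dk, expected)


if __name__ == "__main__":
    # Two accounts that chose the same password.
    alice, bob = naive_record(SAMPLE_PASSWORD), naive_record(SAMPLE_PASSWORD)
    print("unsalted records identical:", alice == bob)  # one lookup table hits both

    alice, bob = hardened_record(SAMPLE_PASSWORD), hardened_record(SAMPLE_PASSWORD)
    print("salted records identical:  ", alice == bob)
    print("correct password accepted: ", hardened_verify(SAMPLE_PASSWORD, alice))
    print("wrong password accepted:   ", hardened_verify("iam#4VKU", alice))
```

With the unsalted scheme, equal passwords produce equal records, so one precomputed table applies to every account; the salt removes that and the iteration count raises the cost of each guess.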
Hash Function Usages (I)
Message encrypted : Confidentiality and authentication
Message unencrypted: Authentication
Hash Function Usages (II)
Message encrypted : Authentication (no encryption needed!)
Message unencrypted: Authentication, confidentiality
Hash Function Usages (III)
Authentication, digital signature
Authentication, digital signature, confidentiality
Hash Function Properties
• Arbitrary-length message to fixed-length digest
• Preimage resistant (One-way property)
• Second preimage resistant (Weak collision resistant)
• Collision resistant (Strong collision resistance)
Properties: Fixed length
• Arbitrary-length message to fixed-length digest
[Figure: hash function h applied to the short message "Hello, world" and to a longer clear-text paragraph; both outputs have the same fixed length L. Digests shown: 52f21cf7c7034a20 17a21e17e061a863 and 661dce0da2bcb2d8 2884e0162acf8194.]
Preimage resistant
• This measures how difficult it is to devise a message which hashes to the known digest
• Roughly speaking, the hash function must be one-way. Given only a message digest, can't find any message (or preimage) that generates that digest.
Second preimage resistant
• Given one message, can't find another message that has the same message digest. An attack that finds a second message with the same message digest is a second pre-image attack.
• It would be easy to forge new digital signatures from old signatures if the hash function used weren't second preimage resistant
• This measures how difficult it is to devise a message which hashes to the known digest when the original message is also known
Collision Resistant
• Can't find any two different messages with the same message digest
• Collision resistance implies second preimage resistance
• Collisions, if we could find them, would give signatories a way to repudiate their signatures
Two Groups of Compression Functions
• The compression function is made from scratch
  • Message Digest
• A symmetric-key block cipher serves as a compression function
  • Whirlpool
Merkle-Damgard Scheme
• Well-known method to build cryptographic hash functions
• A message of arbitrary length is broken into blocks
  • block length depends on the compression function f
  • the message is padded so that its size is a multiple of the block size
  • blocks are processed sequentially, each step taking as input the result of the hash so far and the current message block, with the final fixed-length output
Hash Functions Family
• MD (Message Digest)
  • Designed by Ron Rivest
  • Family: MD2, MD4, MD5
• SHA (Secure Hash Algorithm)
  • Designed by NIST
  • Family: SHA-0, SHA-1, and SHA-2
    • SHA-2: SHA-224, SHA-256, SHA-384, SHA-512
    • SHA-3: New standard in competition
• RIPEMD (RACE Integrity Primitive Evaluation Message Digest)
  • Developed by Katholieke University Leuven Team
  • Family: RIPEMD-128, RIPEMD-160, RIPEMD-256, RIPEMD-320
MD5, SHA-1, and RIPEMD-160
MD2, MD4 and MD5
• Family of one-way hash functions by Ronald Rivest
• All produce a 128-bit hash value
• MD2: 1989
  • Optimized for 8-bit computers
  • Collision found in 1995
• MD4: 1990
  • Full-round collision attack found in 1995
• MD5: 1992
  • Specified as Internet standard in RFC 1321
  • since 1997 it was theoretically not so hard to create a collision
  • Practical collisions: MD5 has been broken since 2004
  • CA attack published in 2007
Topics
• Overview of Cryptography Hash Function
• Usages
• Properties
• Hashing Function Structure
  • MD5
  • SHA
• Attack on Hash Function
• The Road to new Secure Hash Standard
MD5 Overview
1. Append padding bits (to 448 mod 512)
2. Append length (64 bits)
3. Initialize MD buffer (4 x 32-bit words)
   Word A = 01 23 45 67
   Word B = 89 AB CD EF
   Word C = FE DC BA 98
   Word D = 76 54 32 10
Hash Algorithm Design – MD5
[Figure: MD5 processing of one 512-bit block and a single step. Labels: 16 steps; T[i] = the ith 32-bit word in matrix T, constructed from the sine function; X[k] = M[q*16+k] = the kth 32-bit word from the qth 512-bit block of the message; Single step.]
Secure Hash Algorithm
• SHA originally designed by NIST & NSA in 1993
• revised in 1995 as SHA-1
• US standard for use with DSA signature scheme
  • standard is FIPS 180-1 1995, also Internet RFC 3174
• based on design of MD4 with key differences
• produces 160-bit hash values
• recent 2005 results on security of SHA-1 have raised concerns on its use in future applications
Revised SHA
• NIST issued revision FIPS 180-2 in 2002
• adds 3 additional versions of SHA
  • SHA-256, SHA-384, SHA-512
• designed for compatibility with increased security provided by the AES cipher
• structure & detail is similar to SHA-1
• hence analysis should be similar
• but security levels are rather higher
SHA Versions
               MD5      SHA-0    SHA-1    SHA-224  SHA-256  SHA-384   SHA-512
Digest size    128      160      160      224      256      384       512
Message size   2^64-1   2^64-1   2^64-1   2^64-1   2^64-1   2^128-1   2^128-1
Block size     512      512      512      512      512      1024      1024
Word size      32       32       32       32       32       64        64
# of steps     64       64       80       64       64       80        80
Full collision found
Sample Processing
• Mac Intel 2.66 GHz Core i7
• 1024 bytes block of data
Type      bits   data processed
MD5       128    469.7 MB/s
SHA-1     160    339.4 MB/s
SHA-512   512    177.7 MB/s
SHA-512 Overview
Padding and length field in SHA-512
• What is the number of padding bits if the length of the original message is 2590 bits?
• We can calculate the number of padding bits as follows:
• The padding consists of one 1 followed by 353 0's.
SHA-512 Round Function
Hash Function Cryptanalysis
• cryptanalytic attacks exploit some property of the algorithm, so are faster than exhaustive search
• hash functions use an iterative structure
  • process message in blocks (incl. length)
• attacks focus on collisions in function f
Attacks on Hash Functions
• brute-force attacks and cryptanalysis
  • cryptanalytic attacks exploit some property of the algorithm, so are faster than brute-force
• a preimage or second preimage attack
  • find y such that H(y) equals a given hash value
• collision resistance
  • find two messages x & y with same hash so H(x) = H(y)
"md5 and sha1 are both clearly broken (in terms of collision-resistance)"
Ron Rivest
http://mail.python.org/pipermail/python-dev/2005-December/058850.html
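The brute-force cost of the two attack classes above, measured on a deliberately weakened toy hash; this is an added example, not part of the original slides. Truncating SHA-256 to a few bits is this example's assumption so that both searches finish quickly, and it shows why an n-bit digest gives only about n/2 bits of collision resistance.

```python
import hashlib
from itertools import count


def truncated_hash(message: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256(message): a toy hash with a tiny digest."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return digest >> (256 - bits)


def expected_work(bits: int) -> dict:
    """Generic brute-force cost for an ideal hash with an even digest size."""
    return {"collision": 2 ** (bits // 2), "second_preimage": 2 ** bits}


def find_collision(bits: int):
    """Birthday search: any two distinct messages with the same toy digest."""
    seen = {}
    for tries in count(1):
        msg = b"msg-%d" % tries  # constructed, distinct messages
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, tries
        seen[h] = msg


def find_second_preimage(target_msg: bytes, bits: int, max_tries: int):
    """Search for a different message matching one fixed, given digest."""
    target = truncated_hash(target_msg, bits)
    for tries in range(1, max_tries + 1):
        msg = b"other-%d" % tries
        if msg != target_msg and truncated_hash(msg, bits) == target:
            return msg, tries
    return None, max_tries


if __name__ == "__main__":
    bits = 20
    x, y, n_coll = find_collision(bits)
    print("collision after %d hashes (about 2^%d expected)" % (n_coll, bits // 2))
    z, n_2nd = find_second_preimage(b"signed contract", bits, 2 ** 24)
    print("second preimage after %d hashes (about 2^%d expected)" % (n_2nd, bits))
    # The same ratio at real digest sizes: 2^64 vs 2^128 for MD5's 128 bits,
    # 2^80 vs 2^160 for SHA-1, before any cryptanalytic shortcut is applied.
    for n in (128, 160, 256):
        print(n, expected_work(n))
```

A collision search is free to pick both messages, so it succeeds after roughly the square root of the work needed to match one fixed digest.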
The Need for a New Hash Standard
• MD5 should be considered cryptographically broken and unsuitable for further use, US CERT 2010
• In 2004, a collision for the full SHA-0 algorithm was announced
• SHA-1 not yet fully "broken"
  • but similar to the broken MD5 & SHA-0
  • so considered insecure and to be phased out
• SHA-2 (esp. SHA-512) seems secure
  • shares the same structure and mathematical operations as its predecessors, so there is concern
SHA-3 Requirements
• NIST announced in 2007 a competition for the SHA-3 next gen hash function
• Replace SHA-2 with SHA-3 in any use
  • so use same hash sizes
• preserve the nature of SHA-2
  • so must process small blocks (512 / 1024 bits)
• evaluation criteria
  • security close to theoretical max for hash sizes
  • cost in time & memory
  • characteristics: such as flexibility & simplicity
Timeline Competition
• Nov 2007: Announce public competition
• Oct 2008: 64 Entries
• Dec 2008: 51 Entries as 1st Round
• Jul 2009: 14 Entries as 2nd Round
• Dec 2010: 5 Entries as 3rd Round
• Jan 2011: Final packages submission and enter public comments
• 2012: SHA-3 winner announcement (Still in progress)
Five SHA-3 Finalists
• BLAKE
• Grøstl
• JH
• Keccak
• Skein
http://csrc.nist.gov/groups/ST/hash/sha-3/Round3/submissions_rnd3.html
Summary
• Hash functions are keyless
  • Applications for digital signatures and in message authentication codes
• The three security requirements for hash functions are
  • one-wayness, second preimage resistance and collision resistance
• MD5 and SHA-0 are insecure
• Serious security weaknesses have been found in SHA-1
  • should be phased out
• SHA-2 appears to be secure
  • May use SHA-512 and use the first 256 bytes
• The ongoing SHA-3 competition will result in new standardized hash functions in the next year
