Scribd
Upload
66 views18 pages

Slides-11 On Network Security

The document discusses hash algorithms such as MD5, SHA-1, and RIPEMD-160. It describes how they have evolved over time to increase security as brute force attacks have improved. MD5 produces a 128-bit hash, while SHA-1 produces a 160-bit hash. Both operate by padding the message, initializing a buffer, and then processing the message in blocks through multiple rounds of computations. SHA-1 is now preferred over MD5 due to known attacks on MD5. HMAC can be used to create message authentication codes by applying a hash function to a key and message.

Uploaded by

Muhammad Salman
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
66 views18 pages

Slides-11 On Network Security

The document discusses hash algorithms such as MD5, SHA-1, and RIPEMD-160. It describes how they have evolved over time to increase security as brute force attacks have improved. MD5 produces a 128-bit hash, while SHA-1 produces a 160-bit hash. Both operate by padding the message, initializing a buffer, and then processing the message in blocks through multiple rounds of computations. SHA-1 is now preferred over MD5 due to known attacks on MD5. HMAC can be used to create message authentication codes by applying a hash function to a key and message.

Uploaded by

Muhammad Salman
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 18

Cryptography and Network

Security
Lecture slides by Lawrie Brown
Hash Algorithms
• see similarities in the evolution of hash
functions & block ciphers
– increasing power of brute-force attacks
– leading to evolution in algorithms
– from DES to AES in block ciphers
– from MD4 & MD5 to SHA-1 & RIPEMD-160 in
hash algorithms
• likewise tend to use common iterative
structure as do block ciphers
MD5
• designed by Ronald Rivest (the R in RSA)
• latest in a series of MD2, MD4
• produces a 128-bit hash value
• until recently was the most widely used
hash algorithm
– in recent times have both brute-force &
cryptanalytic concerns
• specified as Internet standard RFC1321
MD5 Overview
1. pad message so its length is 448 mod 512
2. append a 64-bit length value to message
3. initialise 4-word (128-bit) MD buffer (A,B,C,D)
4. process message in 16-word (512-bit) blocks:
– using 4 rounds of 16 bit operations on message
block & buffer
– add output to buffer input to form new buffer value
5. output hash value is the final buffer value
MD5 Overview
MD5 Compression Function
• each round has 16 steps of the form:
a = b+((a+g(b,c,d)+X[k]+T[i])<<<s)
• a,b,c,d refer to the 4 words of the buffer,
but used in varying permutations
– note this updates 1 word only of the buffer
– after 16 steps each word is updated 4 times
• where g(b,c,d) is a different nonlinear
function in each round (F,G,H,I)
• T[i] is a constant value derived from sin
MD5 Compression Function
Secure Hash Algorithm (SHA-1)
• SHA was designed by NIST & NSA in 1993,
revised 1995 as SHA-1
• US standard for use with DSA signature scheme
– standard is FIPS 180-1 1995, also Internet RFC3174
– nb. the algorithm is SHA, the standard is SHS
• produces 160-bit hash values
• now the generally preferred hash algorithm
• based on design of MD4 with key differences
SHA Overview
1. pad message so its length is 448 mod 512
2. append a 64-bit length value to message
3. initialise 5-word (160-bit) buffer (A,B,C,D,E) to
(67452301,efcdab89,98badcfe,10325476,c3d2e1f0)
4. process message in 16-word (512-bit) chunks:
– expand 16 words into 80 words by mixing & shifting
– use 4 rounds of 20 bit operations on message block
& buffer
– add output to input to form new buffer value
5. output hash value is the final buffer value
SHA-1 Compression Function
• each round has 20 steps which replaces
the 5 buffer words thus:
(A,B,C,D,E) <-
(E+f(t,B,C,D)+(A<<5)+Wt+Kt),A,(B<<30),C,D)

• a,b,c,d refer to the 4 words of the buffer


• t is the step number
• f(t,B,C,D) is nonlinear function for round
• Wt is derived from the message block
• Kt is a constant value derived from sin
• 0<=t<=19 Kt = 5A827999
• 20<=t<=39 Kt = 6ED9EBA1
• 40<=t<=59 Kt = 8F1BBCDC
• 60<=t<=79 Kt = CA62C1D6
SHA-1 Compression Function
Round ft(B, C, D)

(0<=t<=19) (B.C) V (B¯ .D)

(20<=t<=39) B XOR C XOR D

(40<=t<=59) (B.C) V (B.D) V (C.D)

(60<=t<=79) B XOR C XOR D


SHA-1 verses MD5
• brute force attack is harder (160 vs 128
bits for MD5)
• not vulnerable to any known attacks
(compared to MD4/5)
• a little slower than MD5 (80 vs 64 steps)
• both designed as simple and compact
• optimised for big endian CPU's (vs MD5
which is optimised for little endian CPU’s)
Revised Secure Hash Standard
• NIST have issued a revision FIPS 180-2
• adds 3 additional hash algorithms
• SHA-256, SHA-384, SHA-512
• designed for compatibility with increased
security provided by the AES cipher
• structure & detail is similar to SHA-1
• hence analysis should be similar
RIPEMD-160
• RIPEMD-160 was developed in Europe as part
of RIPE project in 96
• by researchers involved in attacks on MD4/5
• initial proposal strengthen following analysis to
become RIPEMD-160
• somewhat similar to MD5/SHA
• uses 2 parallel lines of 5 rounds of 16 steps
• creates a 160-bit hash value
• slower, but probably more secure, than SHA
Keyed Hash Functions as MACs
• have desire to create a MAC using a hash
function rather than a block cipher
– because hash functions are generally faster
– not limited by export controls unlike block ciphers
• hash includes a key along with the message
• original proposal:
KeyedHash = Hash(Key|Message)
– some weaknesses were found with this
• eventually led to development of HMAC
HMAC
• specified as Internet standard RFC2104
• uses hash function on the message:
HMACK = Hash[(K+ XOR opad) ||
Hash[(K+ XOR ipad)||M)]]
• where K+ is the key padded out to size
• and opad, ipad are specified padding constants
• overhead is just 3 more hash calculations than
the message needs alone
• any of MD5, SHA-1, RIPEMD-160 can be used

You might also like