Hashing

Dr. S.R. Shinde

 Introduction to Hashing
• A Cryptographic hash function is a mathematical algorithm
that maps data of an arbitrary size to a bit array of fixed size
• It is a one-way function means infeasible to invert or reverse
the computation
• Properties :-
• It is deterministic
• it is infeasible to generate a message that yields a given
hash value
• infeasible to find two different messages with the same hash
value
• a small change to a message should change the hash value
extensively
 Hash+Salt
• In cryptography, a salt is random data that is
used as an additional input to a one-way
function that hashes data
• Salts are used to safeguard passwords in
storage
• The salt and password are concatenated & fed
to a cryptographic hash function
• Using the same salt for all passwords is
dangerous
 Hash+Salt Example
• If a salt is too short, an attacker may
precompute a table of every possible salt
appended to every likely password.
User Name Password
Alice Alice123
Bob Bob987

User Name Salt Value String to be Hashed

Alice E1F53135E559C253 Alice123E1F53135E559C253
Bob 84B03D034B409D4E Bob98784B03D034B409D4E
 Hashing Algorithms
• MD5: This is the fifth version of the Message
Digest algorithm
• SHA-1: Secure Hash Algorithm -1
• SHA-2
• SHA-512
• LANMAN
• NTLM
 MD5
• Developed by Professor Ronald L. Rivest in
1991.
• Takes as input a message of arbitrary length
and produces as output a 128-bit
• The MD5 algorithm is intended for digital
signature applications, where a large file must
be "compressed" in a secure manner before
being encrypted with a private (secret) key
under a public-key cryptosystem such as RSA.”
MD5 Algorithm structure
 Implementation Steps
• Step1 Append padding bits
The input message is "padded" (extended) so that
its length (in bits) equals to 448 mod 512. Padding
is always performed, even if the length of the
message is already 448 mod 512.
Padding is performed as follows: a single "1" bit is
appended to the message, and then "0" bits are
appended so that the length in bits of the padded
message becomes congruent to 448 mod 512. At
least one bit and at most 512 bits are appended.
 Implementation Steps
• Step2. Append length
A 64-bit representation of the length of the
message is appended to the result of step1. If
the length of the message is greater than
2^64, only the low-order 64 bits will be used.
The resulting message (after padding with bits
and with b) has a length that is an exact
multiple of 512 bits. The input message will
have a length that is an exact multiple of 16
(32-bit) words.
 Implementation Steps
• Step3. Initialize MD buffer
A four-word buffer (A, B, C, D) is used to compute the message
digest. Each of A, B, C, D is a 32-bit register. These registers are
initialized to the following values in hexadecimal, low-order bytes
first):
Gaurav is a student of VIT Comp TY CS D div= 184 bits, 512
word A: 01 23 45 67
word B: 89 ab cd ef
word C: fe dc ba 98
word D: 76 54 32 10
Gaurav is a student of VIT Comp TY CS D
div100000….00dgffhh=448+64 bits for length of message=512
 Implementation Steps
• Step4. Process message in 16-word blocks
Four functions will be defined such that each function takes
an input of three 32-bit words and produces a 32-bit word
output.

F (X, Y, Z) = XY or not (X) Z

G (X, Y, Z) = XZ or Y not (Z)
H (X, Y, Z) = X xor Y xor Z
I (X, Y, Z) = Y xor (X or not (Z))
 Summary
• Comparing to other digest algorithms, MD5 is
simple to implement, and provides a "fingerprint"
or message digest of a message of arbitrary length.
• It performs very fast on 32-bit machine.
• MD5 is being used heavily from large corporations,
such as IBM, Cisco Systems, to individual
programmers.
• MD5 is considered one of the most efficient
algorithms currently available.
 Secure Hash Algorithm
• SHA originally designed by NIST & NSA in 1993
• was revised in 1995 as SHA-1
• US standard for use with DSA signature scheme
– standard is FIPS 180-1 1995, also Internet RFC3174
– nb. the algorithm is SHA, the standard is SHS
• based on design of MD5 with key differences
• produces 160-bit hash values
• recent 2005 results on security of SHA-1 have raised
concerns on its use in future applications
SHA-1
 SHA-1 Algorithm Steps
• Note 1: All variables are unsigned 32-bit
quantities and wrap modulo 232 when
calculating, except for ml, the message length,
which is a 64-bit quantity, and hh, the
message digest, which is a 160-bit quantity.
Note 2: All constants in this pseudo code are in
big endian. Within each word, the most
significant byte is stored in the leftmost byte
position
 SHA-1 Algorithm Steps
• Initialize variables:
• h0 = 0x67452301
• h1 = 0xEFCDAB89
• h2 = 0x98BADCFE
• h3 = 0x10325476
• h4 = 0xC3D2E1F0
• ml = message length in bits
 SHA-1 Algorithm Steps
• Pre-processing: append the bit '1' to the message e.g.
by adding 0x80 if message length is a multiple of 8 bits.
append 0 ≤ k < 512 bits '0', such that the resulting
message length in bits is congruent to −64 ≡ 448 (mod
512) append ml, the original message length in bits, as
a 64-bit big-endian integer. Thus, the total length is a
multiple of 512 bits.
• Process the message in successive 512-bit chunks:
break message into 512-bit chunks for each chunk
break chunk into sixteen 32-bit big-endian words w[i],
0 ≤ i ≤ 15
 SHA-1 Algorithm Steps
• Message schedule: extend the sixteen 32-bit words into
eighty 32-bit words:
• for i from 16 to 79
Note 3: SHA-0 differs by not having this leftrotate.
w[i] = (w[i-3] xor w[i-8] xor w[i-14] xor w[i-16]) leftrotate 1
• Initialize hash value for this chunk:
• a = h0
• b = h1
• c = h2
• d = h3
• e = h4
 SHA-1 Algorithm Steps
• for i from 0 to 79
• if 0 ≤ i ≤ 19 then
• f = (b and c) or ((not b) and d)
• k = 0x5A827999
• else if 20 ≤ i ≤ 39
• f = b xor c xor d
• k = 0x6ED9EBA1
• else if 40 ≤ i ≤ 59
• f = (b and c) or (b and d) or (c and d)
• k = 0x8F1BBCDC
• else if 60 ≤ i ≤ 79
• f = b xor c xor d
• k = 0xCA62C1D6
 SHA-1 Algorithm Steps
temp = (a leftrotate 5) + f + e + k + w[i]
e=d
d=c
c = b leftrotate 30
b=a
a = temp
Add this chunk's hash to result so far:
h0 = h0 + a
h1 = h1 + b
h2 = h2 + c
h3 = h3 + d
h4 = h4 + e
 SHA-1 Algorithm Steps
• Produce the final hash value (big-endian) as a
160-bit number:
hh = (h0 leftshift 128) or (h1 leftshift 96) or (h2
leftshift 64) or (h3 leftshift 32) or h4
 SHA-1 Hash Examples
• SHA1("The quick brown fox jumps over the lazy dog")
• 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12
• SHA1("The quick brown fox jumps over the lazy cog")
• De9f2c7fd25e1b3afad3e85a0bd17d9b100db4b3
• SHA1("")
• da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-2
 How SHA Works?
• Digest Length=160 bit
• I/P Text=512 bit
• Sub Block size=32bit
• 512/32=16 total Sub blocks
• No. Of Rounds=4
• Iteration per round=20
• Chaining Variable = 5*32=160
• K[t] constant= Where t=0 to 79
• O/P-> four 32 bit blocks
 SHA Overview
1. Padding: Length of the message is 64 bits short of
multiple of 512 after padding.
2. Append a 64-bit length value of original message is taken.
3. Divide the input into 512-bit blocks
4. Initialise CV 5-word (160-bit) buffer (A,B,C,D,E) to
(A=01 23 45 67,
B=89 AB CD EF,
C=FE DC BA 98,
D=76 54 32 10,
E=C3 D2 E1 F0)
 Continue…
5. Process Blocks now the actual algorithm begins.
message in 16-word (512-bit) chunks:
– Copy CV into single register for storing temporary
intermediate as well as the final results.
– Divide the current 512-bit blocks into 16 sub-blocks,
each consisting of 32 bits.
 Has No. Of Rounds=4, each round consisting of 20 bit
/step iteration operations on message block & buffer
 expand 16 words into 80 words(20*4) by mixing &
shifting.K[t] constant= Where t=0 to 79
 Form new buffer value by adding output to input.
6. output hash value is the final buffer value
 SHA-1 verses MD5
• brute force attack is harder (160 vs 128 bits
for MD5)
• not vulnerable to any known attacks
(compared to MD4/5)
• a little slower than MD5 (80 vs 64 steps)
• both designed as simple and compact
• optimised for big endian CPU's (SUN) vs MD5
for little endian CPU’s (PC)
 Revised Secure Hash Standard
• NIST issued revision FIPS 180-2 in 2002
• adds 3 additional versions of SHA
– SHA-256, SHA-384, SHA-512
– Different lengths of Message Digest in bits
• designed for compatibility with increased security
provided by the AES cipher
• structure & detail is similar to SHA-1
• hence analysis should be similar
• but security levels are rather higher
1. Padding,2.Append Length,3.Divide the input into 1024- bit blocks
 4.Initialization Of Chaining Variable

• 8*64= 512 bits

• A,B,C,D,E,F,G,H
 5.Process Blocks
• heart of the algorithm
• processing message in 1024-bit blocks
• consists of 80 rounds
– updating a 512-bit buffer TEMP CHAINING
VARIABLES.
– using a 64-bit value Wt derived from the current
message block
– and a round constant based on cube root of first
80 prime numbers
SHA-512 Round Function
 SHA-512 Round Function
• Let us look in more detail at the logic in each of the 80 steps of the
processing of one 512-bit block (Figure). Each round is defined by the
following set of equations:
 SHA-512 Round Function
• where
• t =step/round number; 0 t 79
• Ch(e, f, g)= (e AND f) XOR (NOT e AND g)
the conditional function: If e then f else g
• Maj(a, b,c)= (a AND b) XOR (a AND c) XOR (b AND c)
the function is true only of the majority (two or three) of the arguments are true.
• Sum (ai)= RORT (ai By 28 Bit) XOR RORT (ai By 34 Bit) XOR
RORT (ai By 39 Bit)
• Sum (ei)= RORT (ei By 14 Bit) XOR RORT (ei By 18 Bit) XOR
RORT (ei By 41 Bit)
• ROTRn(x) = circular right shift (rotation) of the 64-bit argument x by
n bits
• Wt = a 64-bit word derived from the current 512-bit input block (i.e:- Message Digest)
• Kt = a 64-bit additive constant
• + = addition modulo 2^64
SHA-512 Round Function
Thank You