Post on 19-Dec-2015
Chapter 5 Hashes and Message Digests
Instructor: 孫宏民 hmsun@cs.nthu.edu.tw
Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694
Introduction
• A hash (also known as a message digest) is a one-way function. It is considered one-way because it’s not practical to figure out what input corresponds to a given output.
• We will use the terms hash and message digest interchangeably. The NIST message digest function is called SHA-1, which stands for secure hash algorithm, whereas the MD in the MD2, MD4, and MD5 algorithms stands for message digest.
• There certainly will be many messages that yield the same message digest, because a message can be of arbitrary length and the message digest will be of fixed length, for instance 128 bits.
• By trying lots of messages, one would eventually find two that mapped to the same message digest.
• The problem is that “lots” is so many that it is essentially impossible.
• Assuming a good 128-bit message digest function, it would take trying approximately $2^{64}$ messages before finding two that had the same digest (see the birthday problem).
• An example use of a message digest is to fingerprint a program or document to detect modification of it.
The Birthday Problem
• If there are 23 or more people in a room, the odds are better than 50% that two of them will have the same birthday.
• Let’s assume n inputs and k possible outputs, and an unpredictable mapping from input to output. With n inputs, there are n(n-1)/2 pairs of inputs. For each pair there’s a probability of 1/k of both inputs producing the same output value, so we need about k/2 pairs in order for the probability of a match to be about 50%.
• So n(n-1) > k, which means that if n is greater than $\sqrt{k}$, there’s a good chance of finding a matching pair.
• How many bits does the output of a message digest function have to be in order to prevent someone from being able to find two messages with the same message digest?
– If the message digest has m bits, then it would take only about $2^{m/2}$ messages, chosen at random, before one would find two with the same value.
– That is why message digest functions have outputs of at least 128 bits, because it is not considered feasible to search $2^{64}$ messages given the current state of the art.
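The birthday bound above can be checked numerically. The following is an added example, not part of the original slides: it computes the exact 50% point for k outputs and then measures how many messages it takes to collide an m-bit digest. The m-bit digest is simulated by truncating SHA-256, and the function names and message format are assumptions made for illustration.

```python
import hashlib


def inputs_for_half(k: int) -> int:
    """Smallest n for which n random inputs into k outputs collide with probability >= 50%."""
    p_no_collision = 1.0
    n = 0
    while p_no_collision > 0.5:
        # The (n+1)-th input must avoid the n output values already taken.
        p_no_collision *= (k - n) / k
        n += 1
    return n


def truncated_digest(data: bytes, m_bits: int) -> int:
    """First m_bits bits of SHA-256(data), standing in for a good m-bit digest."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - m_bits)


def find_collision(m_bits: int, tag: bytes = b""):
    """Hash distinct messages until two share an m-bit digest.

    Returns (first_message, second_message, messages_hashed).
    """
    seen = {}
    tries = 0
    while True:
        msg = tag + tries.to_bytes(8, "big")  # constructed, distinct messages
        tries += 1
        digest = truncated_digest(msg, m_bits)
        if digest in seen:
            return seen[digest], msg, tries
        seen[digest] = msg


def average_tries(m_bits: int, runs: int = 50) -> float:
    """Mean number of messages hashed before a collision, over independent runs."""
    total = sum(find_collision(m_bits, b"run%d:" % r)[2] for r in range(runs))
    return total / runs


if __name__ == "__main__":
    print("people needed for a shared birthday:", inputs_for_half(365))
    for m in (16, 20, 24):
        print(f"m={m}: 2^(m/2)={2 ** (m // 2)}, measured average={average_tries(m, 20):.0f}")
```

The measured averages stay within a small constant factor of $2^{m/2}$, which is why a 64-bit digest (about $2^{32}$ work) is far too short while 128 bits puts the search at about $2^{64}$.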
Nifty Thing to Do with a Hash
• The significant difference between a secret key algorithm and a message digest algorithm is that a secret key algorithm is designed to be reversible and a message digest algorithm is designed to be impossible to reverse.
• In this section we’ll use MD as a “generic” message digest algorithm.
Authentication
Computing a MAC with a Hash
• The obvious thought is that MD(m) is a MAC for message m. But it isn’t: anyone can compute MD(m).
• We concatenate a shared secret $K_{AB}$ with the message m, and use MD($K_{AB}$|m) as the MAC.
• Some proposals with no known weaknesses are:
– Put the secret at the end of the message instead of at the beginning.
– Use only half the bits of the message digest as the MAC.
– Concatenate the secret to both the front and the back of the message.
• We call any hash combining the secret key and the data a keyed hash.
Encryption with a Message Digest
• Generating a one-time pad
– Just as OFB generates a pseudorandom bit stream which then encrypts a message by simply being ⊕ed with the message, we can use a message digest algorithm to generate a pseudorandom bit stream.
[Figure: generating a one-time pad. Blocks labelled $K_{AB}$, MD and ⊕; inputs M1, M2, M3; outputs C1, C2, C3.]
Alice and Bob share a secure key $K_{AB}$
• It is not secure to use the same bit stream twice, so, as with OFB, Alice starts with an IV. The first block is then MD($K_{AB}$|IV).
• Mixing in the Plaintext
– Similar to CFB.
[Figure: mixing in the plaintext. Blocks labelled IV, $K_{AB}$, MD and ⊕; inputs M1, M2, M3; outputs C1, C2, C3.]
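Both encryption schemes described above, the OFB-like pad and the CFB-like variant that mixes in the plaintext, are sketched below as an added example that is not part of the original slides. SHA-256 stands in for the generic MD. The chaining after the first block (each pad block is MD of the key and the previous pad block, or of the key and the previous ciphertext block) is an assumption that follows the OFB and CFB analogy, and all function names are illustrative.

```python
import hashlib

BLOCK = 32  # octets per pad block: the output size of SHA-256, our stand-in for MD


def md(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def ofb_like(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Pad blocks b1 = MD(K|IV), b_i = MD(K|b_{i-1}); output is data XOR pad.

    The pad never depends on the data, so the same call encrypts and decrypts.
    """
    out = bytearray()
    pad = iv
    for off in range(0, len(data), BLOCK):
        pad = md(key + pad)
        out += xor(data[off:off + BLOCK], pad)
    return bytes(out)


def cfb_like_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """b1 = MD(K|IV), b_i = MD(K|c_{i-1}); c_i = m_i XOR b_i."""
    out = bytearray()
    feedback = iv
    for off in range(0, len(plaintext), BLOCK):
        block = xor(plaintext[off:off + BLOCK], md(key + feedback))
        out += block
        feedback = block  # the ciphertext block feeds the next pad block
    return bytes(out)


def cfb_like_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out = bytearray()
    feedback = iv
    for off in range(0, len(ciphertext), BLOCK):
        block = ciphertext[off:off + BLOCK]
        out += xor(block, md(key + feedback))
        feedback = block
    return bytes(out)


def reused_pad_xor(key: bytes, iv: bytes, m1: bytes, m2: bytes) -> bytes:
    """XOR of two ciphertexts produced with the same key and IV.

    The pad cancels, leaving m1 XOR m2 with no key involved, which is why
    the slide requires a fresh IV for every message.
    """
    return xor(ofb_like(key, iv, m1), ofb_like(key, iv, m2))


if __name__ == "__main__":
    key, iv = b"constructed shared secret", bytes(range(16))  # constructed sample values
    msg = b"attack at dawn, then regroup at the river crossing before noon" * 2
    assert ofb_like(key, iv, ofb_like(key, iv, msg)) == msg
    assert cfb_like_decrypt(key, iv, cfb_like_encrypt(key, iv, msg)) == msg
    print("round trips OK")
```

Neither scheme provides integrity: flipping a ciphertext bit flips the same plaintext bit, so a MAC is still needed alongside the encryption.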
Using Secret Key for a Hash
• What we want to generate is a function with the properties of a hash algorithm. It should not require a secret. It should be publishable. It should be noninvertible.
• Unix password hash
[Figure: Unix password hash. The password (characters 1 to 8, 7-bit ASCII each) forms a 56-bit key; DES with plaintext 0 under that key gives the hashed password.]
• Hashing large messages
• There is a serious problem with this, which is that the typical message block length b is 64 bits, which is too short to use as a message digest.
• If we want to find a message with a particular message digest, a technique similar to the one in section 4.4.1.2 could find a message with a particular 64-bit message digest in about $2^{33}$ iterations.
MD2
• MD2 takes a message equal to an arbitrary number of octets and produces a 128-bit message digest.
• The basic idea behind MD2 is as follows:
– The input message to MD2 is of arbitrary length.
– The message is padded to be a multiple of 16 octets.
– A 16-octet quantity, which MD2 calls a checksum, is appended to the end.
– Final pass: the message is processed, 16 octets at a time, each time producing an intermediate result for the message digest.
MD2 Padding
MD2 Checksum Computation
MD2 Final Pass
MD4
• The message to be fed into the message digest computation must be a multiple of 512 bits (sixteen 32-bit words).
Overview of MD4 Message Digest Computation
• Each stage starts with a 16-word message block and a 4-word message digest value.
The message is called: $m_0, m_1, m_2, \ldots, m_{15}$
The message digest: $d_0, d_1, d_2, d_3$
The message digest is initialized to:
$d_0 = 67452301_{16}, \quad d_1 = \mathrm{efcdab89}_{16}$
$d_2 = \mathrm{98badcfe}_{16}, \quad d_3 = 10325476_{16}$
Equivalent to the octet string 01|23|45|67|89|ab|cd|ef|fe|dc|ba|98|76|54|32|10
• The following operations we are able to use:
MD4 Message Digest Pass 1
• A function F(x,y,z) is defined as $(x \wedge y) \vee (\sim x \wedge z)$. This function is sometimes known as the selection function.
• A separate step is done for each of the 16 words of the message. For each i from 0 through 15:
$d_{(-i)\wedge 3} = \left(d_{(-i)\wedge 3} + F(d_{(1-i)\wedge 3}, d_{(2-i)\wedge 3}, d_{(3-i)\wedge 3}) + m_i\right) \lll S_1(i \wedge 3)$
where $S_1(i) = 3 + 4i$, so the S's cycle over the values 3, 7, 11, 15, and $\lll$ denotes left rotation.
We can write out the first few steps of the pass as follows:
$d_0 = (d_0 + F(d_1, d_2, d_3) + m_0) \lll 3$
$d_3 = (d_3 + F(d_0, d_1, d_2) + m_1) \lll 7$
$d_2 = (d_2 + F(d_3, d_0, d_1) + m_2) \lll 11$
$d_1 = (d_1 + F(d_2, d_3, d_0) + m_3) \lll 15$
$d_0 = (d_0 + F(d_1, d_2, d_3) + m_4) \lll 3$
MD4 Message Digest Pass 2
• A function G(x,y,z) is defined as $(x \wedge y) \vee (x \wedge z) \vee (y \wedge z)$. This function is sometimes known as the majority function. It uses a constant $\lfloor 2^{30}\sqrt{2} \rfloor = \mathrm{5a827999}_{16}$.
• A separate step is done for each of the 16 words of the message. For each i from 0 through 15:
$d_{(-i)\wedge 3} = \left(d_{(-i)\wedge 3} + G(d_{(1-i)\wedge 3}, d_{(2-i)\wedge 3}, d_{(3-i)\wedge 3}) + m_{X(i)} + \mathrm{5a827999}_{16}\right) \lll S_2(i \wedge 3)$
where $X(i) = 4i - 15\lfloor i/4 \rfloor$, and $S_2(0) = 3$, $S_2(1) = 5$, $S_2(2) = 9$, $S_2(3) = 13$, so the S's cycle over the values 3, 5, 9, 13.
We can write out the first few steps of the pass as follows:
$d_0 = (d_0 + G(d_1, d_2, d_3) + m_{X(0)} + \mathrm{5a827999}_{16}) \lll 3$
$d_3 = (d_3 + G(d_0, d_1, d_2) + m_{X(1)} + \mathrm{5a827999}_{16}) \lll 5$
$d_2 = (d_2 + G(d_3, d_0, d_1) + m_{X(2)} + \mathrm{5a827999}_{16}) \lll 9$
$d_1 = (d_1 + G(d_2, d_3, d_0) + m_{X(3)} + \mathrm{5a827999}_{16}) \lll 13$
$d_0 = (d_0 + G(d_1, d_2, d_3) + m_{X(4)} + \mathrm{5a827999}_{16}) \lll 3$
MD4 Message Digest Pass 3
• A function H(x,y,z) is defined as $x \oplus y \oplus z$. Pass 3 has a different strange constant based on the square root of 3. The constant is $\lfloor 2^{30}\sqrt{3} \rfloor = \mathrm{6ed9eba1}_{16}$.
• A separate step is done for each of the 16 words of the message. For each i from 0 through 15:
$d_{(-i)\wedge 3} = \left(d_{(-i)\wedge 3} + H(d_{(1-i)\wedge 3}, d_{(2-i)\wedge 3}, d_{(3-i)\wedge 3}) + m_{R(i)} + \mathrm{6ed9eba1}_{16}\right) \lll S_3(i \wedge 3)$
where $R(i) = 8i - 12\lfloor i/2 \rfloor - 6\lfloor i/4 \rfloor - 3\lfloor i/8 \rfloor$, and $S_3(0) = 3$, $S_3(1) = 9$, $S_3(2) = 11$, $S_3(3) = 15$, so the S's cycle over the values 3, 9, 11, 15.
We can write out the first few steps of the pass as follows:
$d_0 = (d_0 + H(d_1, d_2, d_3) + m_{R(0)} + \mathrm{6ed9eba1}_{16}) \lll 3$
$d_3 = (d_3 + H(d_0, d_1, d_2) + m_{R(1)} + \mathrm{6ed9eba1}_{16}) \lll 9$
$d_2 = (d_2 + H(d_3, d_0, d_1) + m_{R(2)} + \mathrm{6ed9eba1}_{16}) \lll 11$
$d_1 = (d_1 + H(d_2, d_3, d_0) + m_{R(3)} + \mathrm{6ed9eba1}_{16}) \lll 15$
$d_0 = (d_0 + H(d_1, d_2, d_3) + m_{R(4)} + \mathrm{6ed9eba1}_{16}) \lll 3$
MD5
• The major differences are:
– MD4 makes three passes over each 16-octet chunk of the message. MD5 makes four passes over each 16-octet chunk.
– The functions are slightly different, as are the number of bits in the shifts.
– MD4 has one constant which is used for each message word in pass 2, and a different constant in pass 3. No constant is used in pass 1. MD5 uses 64 32-bit constants.
MD5 Message Padding
Overview of MD5 Message Digest Computation
• Each stage starts with a 16-word message block and a 4-word message digest value.
The message is called: $m_0, m_1, m_2, \ldots, m_{15}$
The message digest: $d_0, d_1, d_2, d_3$
The message digest is initialized to:
$d_0 = 67452301_{16}, \quad d_1 = \mathrm{efcdab89}_{16}$
$d_2 = \mathrm{98badcfe}_{16}, \quad d_3 = 10325476_{16}$
Equivalent to the octet string 01|23|45|67|89|ab|cd|ef|fe|dc|ba|98|76|54|32|10
MD5 Message Digest Pass 1
• A function F(x,y,z) is defined as $(x \wedge y) \vee (\sim x \wedge z)$. This function is sometimes known as the selection function.
• A separate step is done for each of the 16 words of the message. For each i from 0 through 15:
$d_{(-i)\wedge 3} = d_{(1-i)\wedge 3} + \left(d_{(-i)\wedge 3} + F(d_{(1-i)\wedge 3}, d_{(2-i)\wedge 3}, d_{(3-i)\wedge 3}) + m_i + T_{i+1}\right) \lll S_1(i \wedge 3)$
where $S_1(i) = 7 + 5i$, so the S's cycle over the values 7, 12, 17, 22, and $\lll$ denotes left rotation.
We can write out the first few steps of the pass as follows:
$d_0 = d_1 + (d_0 + F(d_1, d_2, d_3) + m_0 + T_1) \lll 7$
$d_3 = d_0 + (d_3 + F(d_0, d_1, d_2) + m_1 + T_2) \lll 12$
$d_2 = d_3 + (d_2 + F(d_3, d_0, d_1) + m_2 + T_3) \lll 17$
$d_1 = d_2 + (d_1 + F(d_2, d_3, d_0) + m_3 + T_4) \lll 22$
$d_0 = d_1 + (d_0 + F(d_1, d_2, d_3) + m_4 + T_5) \lll 7$
MD5 Message Digest Pass 2
• A function G(x,y,z) is defined as $(x \wedge z) \vee (y \wedge \sim z)$.
• A separate step is done for each of the 16 words of the message. For each i from 0 through 15:
$d_{(-i)\wedge 3} = d_{(1-i)\wedge 3} + \left(d_{(-i)\wedge 3} + G(d_{(1-i)\wedge 3}, d_{(2-i)\wedge 3}, d_{(3-i)\wedge 3}) + m_{(5i+1)\wedge 15} + T_{i+17}\right) \lll S_2(i \wedge 3)$
where $S_2(i) = i(i+7)/2 + 5$, so the S's cycle over the values 5, 9, 14, 20.
We can write out the first few steps of the pass as follows:
$d_0 = d_1 + (d_0 + G(d_1, d_2, d_3) + m_1 + T_{17}) \lll 5$
$d_3 = d_0 + (d_3 + G(d_0, d_1, d_2) + m_6 + T_{18}) \lll 9$
$d_2 = d_3 + (d_2 + G(d_3, d_0, d_1) + m_{11} + T_{19}) \lll 14$
$d_1 = d_2 + (d_1 + G(d_2, d_3, d_0) + m_0 + T_{20}) \lll 20$
$d_0 = d_1 + (d_0 + G(d_1, d_2, d_3) + m_5 + T_{21}) \lll 5$
MD5 Message Digest Pass 3
• A function H(x,y,z) is defined as $x \oplus y \oplus z$.
• A separate step is done for each of the 16 words of the message. For each i from 0 through 15:
$d_{(-i)\wedge 3} = d_{(1-i)\wedge 3} + \left(d_{(-i)\wedge 3} + H(d_{(1-i)\wedge 3}, d_{(2-i)\wedge 3}, d_{(3-i)\wedge 3}) + m_{(3i+5)\wedge 15} + T_{i+33}\right) \lll S_3(i \wedge 3)$
where $S_3(0) = 4$, $S_3(1) = 11$, $S_3(2) = 16$, $S_3(3) = 23$, so the S's cycle over the values 4, 11, 16, 23.
We can write out the first few steps of the pass as follows:
$d_0 = d_1 + (d_0 + H(d_1, d_2, d_3) + m_5 + T_{33}) \lll 4$
$d_3 = d_0 + (d_3 + H(d_0, d_1, d_2) + m_8 + T_{34}) \lll 11$
$d_2 = d_3 + (d_2 + H(d_3, d_0, d_1) + m_{11} + T_{35}) \lll 16$
$d_1 = d_2 + (d_1 + H(d_2, d_3, d_0) + m_{14} + T_{36}) \lll 23$
$d_0 = d_1 + (d_0 + H(d_1, d_2, d_3) + m_1 + T_{37}) \lll 4$
MD5 Message Digest Pass 4
• A function I(x,y,z) is defined as $y \oplus (x \vee \sim z)$.
• A separate step is done for each of the 16 words of the message. For each i from 0 through 15:
$d_{(-i)\wedge 3} = d_{(1-i)\wedge 3} + \left(d_{(-i)\wedge 3} + I(d_{(1-i)\wedge 3}, d_{(2-i)\wedge 3}, d_{(3-i)\wedge 3}) + m_{(7i)\wedge 15} + T_{i+49}\right) \lll S_4(i \wedge 3)$
where $S_4(i) = (i+3)(i+4)/2$, so the S's cycle over the values 6, 10, 15, 21.
We can write out the first few steps of the pass as follows:
$d_0 = d_1 + (d_0 + I(d_1, d_2, d_3) + m_0 + T_{49}) \lll 6$
$d_3 = d_0 + (d_3 + I(d_0, d_1, d_2) + m_7 + T_{50}) \lll 10$
$d_2 = d_3 + (d_2 + I(d_3, d_0, d_1) + m_{14} + T_{51}) \lll 15$
$d_1 = d_2 + (d_1 + I(d_2, d_3, d_0) + m_5 + T_{52}) \lll 21$
$d_0 = d_1 + (d_0 + I(d_1, d_2, d_3) + m_{12} + T_{53}) \lll 6$
SHA-1
• SHA-1 (secure hash algorithm) was proposed by NIST as a message digest function, and takes a message of length at most $2^{64}$ bits and produces a 160-bit output.
• Message padding
– SHA-1 pads messages in the same manner as MD4 and MD5, except that SHA-1 is not defined for a message that is longer than $2^{64}$ bits.
SHA-1 message padding
Overview of SHA-1 Message Digest Computation
• The 160-bit message digest consists of five 32-bit words. Let’s call them A, B, C, D, and E.
• The message digest is initialized as
$A = 67452301_{16}, \quad B = \mathrm{efcdab89}_{16}$
$C = \mathrm{98badcfe}_{16}, \quad D = 10325476_{16}$
$E = \mathrm{c3d2e1f0}_{16}$
SHA-1 Operation on a 512-bit Block
• In SHA-1, the $\oplus$ of words n-3, n-8, n-14, and n-16 is rotated left one bit before being stored as word n; this is the only modification from the original SHA.
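• Now we have a buffer of eighty 32-bit words ($5 \times 512$ bits). Let's call the eighty 32-bit words $W_0, W_1, W_2, \ldots, W_{79}$.
• For t = 0 through 79, modify A, B, C, D, E as follows:
$B = \text{old } A, \quad C = \text{old } B \lll 30, \quad D = \text{old } C, \quad E = \text{old } D$
$A = E + (A \lll 5) + W_t + K_t + f(t,B,C,D)$
where $\lll$ denotes left rotation, the right-hand side of the A update uses the values from before the step, and
$K_t = \lfloor 2^{30}\sqrt{2} \rfloor = \mathrm{5a827999}_{16} \quad (0 \le t \le 19)$
$K_t = \lfloor 2^{30}\sqrt{3} \rfloor = \mathrm{6ed9eba1}_{16} \quad (20 \le t \le 39)$
$K_t = \lfloor 2^{30}\sqrt{5} \rfloor = \mathrm{8f1bbcdc}_{16} \quad (40 \le t \le 59)$
$K_t = \lfloor 2^{30}\sqrt{10} \rfloor = \mathrm{ca62c1d6}_{16} \quad (60 \le t \le 79)$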
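• f(t,B,C,D) is a function that varies according to which of the eighty words you're working on:
$f(t,B,C,D) = (B \wedge C) \vee (\sim B \wedge D) \quad (0 \le t \le 19)$
$f(t,B,C,D) = B \oplus C \oplus D \quad (20 \le t \le 39)$
$f(t,B,C,D) = (B \wedge C) \vee (B \wedge D) \vee (C \wedge D) \quad (40 \le t \le 59)$
$f(t,B,C,D) = B \oplus C \oplus D \quad (60 \le t \le 79)$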
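The SHA-1 description above (padding, the eighty-word buffer, the constants $K_t$ and the function f) is enough to implement the digest. The following is an added example, not part of the original slides, written directly from those steps and checked against Python's `hashlib`. The `rotate_schedule` flag is an illustrative parameter that turns off the one-bit rotation, giving the original SHA the slide mentions.

```python
import hashlib
import struct

MASK = 0xFFFFFFFF
K = (0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6)  # one constant per 20 steps


def rotl(x: int, n: int) -> int:
    """Rotate a 32-bit word left by n bits."""
    return ((x << n) | (x >> (32 - n))) & MASK


def f(t: int, b: int, c: int, d: int) -> int:
    if t < 20:
        return (b & c) | (~b & d)          # selection
    if t < 40 or t >= 60:
        return b ^ c ^ d                   # parity
    return (b & c) | (b & d) | (c & d)     # majority


def pad(message: bytes) -> bytes:
    """Append a 1 bit, zero bits, then the 64-bit big-endian message length in bits."""
    zeros = (55 - len(message)) % 64
    return message + b"\x80" + b"\x00" * zeros + struct.pack(">Q", len(message) * 8)


def sha1(message: bytes, rotate_schedule: bool = True) -> bytes:
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]
    data = pad(message)
    for off in range(0, len(data), 64):
        # The first sixteen words are the 512-bit block; the rest are derived.
        w = list(struct.unpack(">16I", data[off:off + 64]))
        for n in range(16, 80):
            word = w[n - 3] ^ w[n - 8] ^ w[n - 14] ^ w[n - 16]
            w.append(rotl(word, 1) if rotate_schedule else word)
        a, b, c, d, e = h
        for t in range(80):
            new_a = (e + rotl(a, 5) + w[t] + K[t // 20] + f(t, b, c, d)) & MASK
            a, b, c, d, e = new_a, a, rotl(b, 30), c, d
        # Add this block's result into the running digest.
        h = [(x + y) & MASK for x, y in zip(h, (a, b, c, d, e))]
    return struct.pack(">5I", *h)


if __name__ == "__main__":
    sample = b"constructed sample message"
    print(sha1(sample).hex())
    print(hashlib.sha1(sample).hexdigest())
```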
HMAC
• HMAC resulted from an effort to find a MAC algorithm that could be proven to be secure if the underlying message digest’s compression function was secure.
• They defined secure as having two properties:
– Collision resistance
– An attacker that doesn’t know the key K cannot compute the proper digest(K,x) for data x, even if the attacker can see the value of digest(K,y), for arbitrary numbers of inputs y, with y not equal to x.
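The keyed-hash proposals from the "Computing a MAC with a Hash" slide and the HMAC construction this slide introduces can be compared in code. This is an added example, not part of the original slides: SHA-256 stands in for the generic MD, the choice of the first half of the digest is an assumption, and the HMAC construction follows RFC 2104, which the slides do not reproduce. Function names are illustrative.

```python
import hashlib
import hmac


def md(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def mac_secret_suffix(key: bytes, msg: bytes) -> bytes:
    """Secret at the end of the message instead of at the beginning."""
    return md(msg + key)


def mac_half_digest(key: bytes, msg: bytes) -> bytes:
    """Only half the bits of MD(K|m) are released as the MAC."""
    digest = md(key + msg)
    return digest[:len(digest) // 2]


def mac_envelope(key: bytes, msg: bytes) -> bytes:
    """Secret at both the front and the back of the message."""
    return md(key + msg + key)


def hmac_from_definition(key: bytes, msg: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC as defined in RFC 2104: H((K ^ opad) | H((K ^ ipad) | m))."""
    def h(data: bytes) -> bytes:
        return hashlib.new(hash_name, data).digest()

    block_size = hashlib.new(hash_name).block_size
    if len(key) > block_size:
        key = h(key)                        # long keys are hashed first
    key = key.ljust(block_size, b"\x00")    # then zero-padded to one block
    inner = h(bytes(k ^ 0x36 for k in key) + msg)
    return h(bytes(k ^ 0x5C for k in key) + inner)


def verify(mac_fn, key: bytes, msg: bytes, tag: bytes) -> bool:
    """Recompute the MAC and compare in constant time."""
    return hmac.compare_digest(mac_fn(key, msg), tag)


if __name__ == "__main__":
    key = b"constructed shared secret"           # constructed sample values
    msg = b"transfer 100 to account 42"
    for fn in (mac_secret_suffix, mac_half_digest, mac_envelope, hmac_from_definition):
        tag = fn(key, msg)
        print(fn.__name__, tag.hex(), verify(fn, key, msg + b"0", tag))
```

For new designs the library HMAC (`hmac.new` in Python) is the one to use; the hand-written version here only shows that the construction is two nested keyed hashes.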