Hash, Message Digest and

Digital Certificates
Hash
Hashing and Hash Functions
• A hash function H accepts a variable-length block of data M as input and
produces a fixed-size hash value h=H(M)
• A god hash function has the property that the results of applying the
function to a large set of inputs will produce outputs that are evenly
distributed and apparently random.
• In general terms, the principal object of hash function is data integrity.
A change to any bit or bits in M results, with high propability , in a
change to the hash code.
• Kind of hash function needed for security applications is referred to as a
cryptographic hash function.
• A cryptographic hash function is an algorithm for which it is
computationally infeasible (virtually impossible) to find either
• A) a data object that maps to pre-specified hash result (the one-way
property) or
• B) two data objects that maps to the same hash results (the collision free
property)

• Because of these characteristics , hash functions are often used to

determine whether or not data has changed.
• Figure depicts the general
operation of a cryptographic
hash function. Typically, the
input is padded out to an
integer multiple of some fixed
length (e.g 1024 bits) , and
the padding includes the
value of the length of the
original message.
 Applications of cryptographic Hash Functions
• To better understand some of the requirements and security implications for
cryptographic hash functions, it is useful to look at the range of applications
in which it is employed.

1. Message Authentication
2. Digital Signature
 1. Message Authentication
•Message authentication is a mechanism or service used to verify
the integrity od a message. Message authentication assures that
data received are exactly as sent (i.e contain no modification ,
insertion, deletion, or replay)
•In many cases there is a requirement that the authentication
mechanism assures that purported identity of the sender is valid.
•When a hash function is used to provide message authentication ,
the hash function value is often referred to as a message digest
• The sender computes a hash Common scenario
value as a function of the bits in
the message and transmits both
the hash value and the
message.
• The receiver performs the same
hash calculation on the
message bits and compares this
value with the incoming hash
value.
• If there is a mismatch , the
receiver knows that the
message (or possibly hash
value) has been altered.
 An Attack Scenario (MiTM)
• The hash function must be transmitted in a
secure manner. That is the hash function
must be protected so that if an adversary
alters or replaces the message, it is not
feasible for adversary to also alter the hash
value to fool the receiver.
• This type of attack is shown in the figure. In
this example , Alice transmits a data block
and attaches a hash value. Darth intercepts
the message , alters or replaces the data
block, and calculates and attaches a new
hash value.
• Bob receives the altered data with the new
hash value and does not detect the change.
To prevent this attack , the hash value
generated by Alice must be protected.
 How to protect Hash Values from Attacks
• Scenario 1
•The message code concatenated hash code is encrypted using
symmetric encryption.
•Because only A and B share the secrete key , the message must
have come from A and has not been altered.
•The hash code provides the structure or redundancy required to
achieve authentication.
•Because encryption is applied to the entire message plus hash
code, confidentiality is also provided
 How to protect Hash Values from Attacks
• Scenario 2
•Only the hash code is encrypted , using symmetric
encryption. This reduces the processing burden for those
applications that do not require confidentiality.
 How to protect Hash Values from Attacks
• Scenario 3
•It is possible to use a hash function but no encryption for
message authentication.
•The technique assumes that the two communication parties
share a common secrete value S.
•A computes a hash value over the concatenation of M and S
and appends the resulting hash value to M.
•Because B possesses S, it can recompute the hash value to
verify.
•Because the secrete value itself is not sent, an opponent
cannot modify an intercepted message and cannot generate
a false message.
 How to protect Hash Values from Attacks
• Scenario 4
• Confidentiality can be added to the approach of method C by
encrypting the entire message plus the hash code.

• Only integrity checks in scenario c

• Confidentiality and integrity checks in scenario a,b,d
• Message authentication is achieved using a Message Authentication Code
(MAC) , also known as a keyed hash function. Typically , MACs are used
between two parties that share a secrete key to authenticate information
exchanged between those parties.
• A MAC function takes as input a secrete key and a data block and produces a
hash value , referred to as the MAC, which is associated with the protected
message.
• If the integrity of the message needs to be checked , the MAC function can be
applied to the message and the result compared with the associated MAC
value.
• An attacker who alters the message will be unable to alter the associated MAC
value without knowledge of the secrete key. Note that the verifying party also
knows who the sending party is because no one else knows the secrete key
• Note that the combination of hashing and encryption results in an
overall function that is, in fact, a MAC. That is, E(K,H(M)) is a function
of variable-length message M and a secrete key K , and it produces a
fixed size output that is secure against an opponent who does not
know the secrete key. In practice , specific MAC algorithms are
designed that are generally more efficient than an encryption
algorithm.
Digital Signatures
 2. Digital Signatures
•Another important application, which is similar to the message
authentication application, is the digital signature. The operation of
the digital signature is similar to that of the MAC.
•In the case of digital signature, the hash value of a message is
encrypted with a user’s private key.
•Anyone who knows the user’s public key can verify the integrity of
the message that is associated with the digital signature.
•In this case , an attacker who wishes to alter the message would
need to know the user’s private key.
Scenario 1 of Digital Signature
• The hash code is encrypted with the sender’s private key. This provides
authentication. It also provides a digital signature, because only the
sender could have produced the encrypted hash code. In fact , this is
the essence of the digital signature.
Scenario 2 of Digital Signature
•If confidentiality as well as digital signature is desired, then the
message plus private key encrypted hash code can be
encrypted using a symmetric secrete key. This is a common
technique.
 Other Applications
•Hash functions are commonly used to create one-way password file.
In this scheme a hash of a password is stored by an operating system
rather than the password itself. Thus, the actual password is not
retrievable by a hacker who gain access to the password file. In
simple terms, when user enters a password, the hash of that
password is compared to the stored hash value for verification . This
approach to password protection is used by most operating systems.
•Hash functions can be used for intrusion detection and virus
detection. Store H(F) for each file on a system and secure the hash
values . One can later determine if a file has been modified by
recomputing H(F). An intruder would need to change F without
changing H(F).
 Properties of Hash function
•It is quick to compute the hash value of any given number.
•It is infeasible to generate a message from its hash value except by
trying all the possible combinations. (one way function)
•A small change to a message should change the hash value so
extensively that all the new hash values appear uncorrelated old
hash value. (Avalanche effect)
•It is infeasible to find two different messages with the same hash
value. (collision resistance)
Message Digest
• MD5 is quite fast and produces a 128 bit message digest.
• The input text is processed in 512 bit blocks ( which are further divided into
16 32-bit sub blocks)

• The output of the algorithm is a set of four 32-bit blocks, which make up the
128-bit message digest
 Working of MD5
•Step 1: Padding
•The aim of this step is to make the length of the original
message equal to a value which is 64 bits less than an exact
multiple of 512 bits.
•For example, if the length of original message is 1000 bits, we
add a padding of 472 bits to make the length if the message
1472 bits, because 1536=512*3. also 1536-64=1472
•The padding consist of a single 1 bit followed by all 0 bits, as
required.
•Padding bits are always added even if the length is already 64
bits less than an exact multiple of 512.
 Working of MD5
•Step 2: Append Length
•After padding bits are added , the next step is to calculate the
length of the original message in terms of 64 bits ( 2 ^ 64),
which is then appended at the end of the (original
msg+padding)
 Working of MD5
•Step 3: Divide the input into 512 bit blocks
•Step 4: initialize the chaining variables:
•In this step , four variables (called chaining variables) are initialized.
They are called A,B,C,D.
•Each of these is 32 bit number. The initial hexadecimal values of the
chaining variables are as follows:
A: 01 23 45 67 C:FE DC BA 98
B: 89 AB CD EF D:76 54 32 10
 Working of MD5
• Step 5: Process Blocks
• After all initializations, the real algorithm begins. There is a loop that runs for
as many 512-bit blocks are follows:
5.1 : copy the 4 chaining variables into four corresponding variables a,b,c and d.
A=a, B=b,C=c,D=d
5.2: divide the current 512 –bit blocks into 16 sub blocks . Thus, each sub block
contain 32 bits.
5.3: we have 4 rounds. In each round , we process all the 16 sub-blocks
belonging to a block. The inputs to each round are
a) All the 16 sub blocks
b) The variables a,b,c,d
c) Some constant, designated as k
Internal operation of each round
• All the four round vary in one major
way:

• Step 1 of four rounds has different

processing. The other steps an all
the four rounds are the same.
• In each round we have 16 input sub
blocks named M[0],M[1]..M[15]
• Also t is an array of constants. It
contains 64 elements, with each
element consisting of 32 bits. We
denote it as k[0],k[1]…k[63]
Internal operation of each round
1. A process F is first performed on b,c,d. This
process is different in all 4 rounds
2. The variable a is added to the output of the
process F.
3. The message sub-block M[i] is added to the
output of step 2.
4. The constant K[i] is added to the output of
step 3.
5. The output of step 4 is circularly left shifted
by s bits.
6. The variable b is added to the output of step
5.
7. The output of step 6 becomes the new b.
8. All other variables are right shifted by 1
position.
C=b,d=c, a=d
 Working of MD5
• Function F Internal Rounds
SHA
Secure Hash Algorithm -1
• The output of SHA-1 message digest is 160 bits in length, which is 32 bits
more than MD5.
• SHA is designed to be computationally infeasible to
a) Obtain the original message, given its message digest
b) Find two messages producing the same message digest
Working of SHA-1
• Step 1: Padding

• Like MD5, the first step in SHA is add padding to the end of the
original message in such a way that the length of the message is 64
bits shorts of a message of 512.
• The padding bits are always added , even if the message is already 64
bits shorts of a multiple 512
Working of SHA-1
• Step 2: Append length

• The length of the message excluding the length of the padding is now
calculated and appended to the end of the padding as a 64 bit block.
Working of SHA-1
• Step 3: Divide the input

• The input message is divided into blocks, each of length 512 bits.
• These blocks become the input to the message digest processing
logic.
Working of SHA-1
• Step 4: Initializing chaining variables

• 5 chaining variables , A,B,C,D,E are initialized each of 32 bits

• In SHA , the variables A through D have the same values as they had
in MD5, additionally E is initialized as HEX C3 D2 E1 F0
A: 01 23 45 67 C:FE DC BA 98
B: 89 AB CD EF D:76 54 32 10
E: HEX C3 D2 E1 F0
 Working of SHA-1
• Step 5: Process Blocks
• Step 5.1: copy the chaining variables A-E into variables a-e. The combination
of a-e, called abcde will be considered as a single register for storing the
temporary intermediate as well as final results.
• Step 5.2: divide the current 512 block into 16 sub blocks each consisting of
32 bits.
 Working of SHA-1
• Step 5: Process Blocks
• Step 5.3: SHA has 4 rounds, each consisting 20 steps.
• Each round takes the current 512 bit block, the register abcde and a constant
K[t], t ranging from 0 to 79.
• It then updated the constants of the register abcde using the SHA algorithm
steps.
• A major difference is the fact that we had 64 different constants defined as K
in MD5, Here we have only 4 constants defined for K[t] . One used in each of
the 4 rounds.
 Working of SHA-1
• Step 5: Process Blocks
• Step 5.4: SHA consist of
4 rounds, each
consisting 20 iterations.
This makes it a total of
80 iterations.
 Working of SHA-1
• Step 5: Process Blocks
• Step 5.4: calculation of w[t] or M[t]
The values of w[t] calculate as follows
• For the first 16 words of W (i.e t=0 to t=15), the contents of the input
message sub-block become the contents of w[t] straightaway.
• The remaining 64 values are calculated using the equation

•
MD5 vs SHA-1
HMAC/CMAC
Hash Based message Authentication Code
• The fundamental idea behind HMAC is to reuse the existing message
digest algorithm, such as MD or SHA-1
• Thus, it treats the message digest as a black box.
 Working of HMAC
• Let us start with various variables that will be used in our HMAC discussion

• MD= The message Digest (MD5, SHA-1)

• M= The input message
• L= The number of blocks in message M
• b= The number of bits in each block
• K= The shared symmetric key to be used in HMAC
• ipad= A string 00110110 repeated b/8 times.
• opad= A string 01001010 repeated b/8 times.
 • Step 1: Make the length of message M equal to key
The length of the message M must be equal to the length of the key.
• Step 2: XOR k with ipad
The secrete key is XOR ‘ed with ipad to produce OS1
Where,
Ipad= A string 00110110 repeated b/8 times
OS1=output of step 1
• Step 3: Append the message M to OS1

• Step 4: Message Digest Algorithm

Any message Digest (MD /SHA1) is applied on the output of step 3. This
will produce the output hash.
• Step 5: XOR K with opad to produce OS2
XOR the secrete key K with opad to produce output variable called OS2.

• Step 6: Append M to OS2

Add Hash H with OS2 and appended with output of step 5
• Step 7: Message Digest Algorithm
Message Digest algorithm is applied on output of step 6 to generate final
output called HMAC.
Final Diagram
 Cipher Based Message Authentication Code
(CMAC)
• Encryption is performed using any symmetric key cryptosystem. (AES, DES
etc)
HMAC CMAC
XOR XOR
Hashing Encryption (DES/AES)