Professional Documents
Culture Documents
B4. Cryptographic Hash Functions
B4. Cryptographic Hash Functions
B4. Cryptographic Hash Functions
Functions
• Step 5. Output. The contents in buffer words A, B, C, D are returned in sequence with low-order
byte first.
History of MD5 Collisions
• 2004: first collision attack
• The only difference between colliding messages is 128 random-looking bytes
• 2007: chosen-prefix collisions
• For any prefix, can find colliding messages that have this prefix and differ up
to 716 random-looking bytes
• 2008: rogue SSL certificates
• Talk about this in more detail when discussing PKI
• 2012: MD5 collisions used in cyberwarfare
• Flame malware uses an MD5 prefix collision to fake a Microsoft digital code
signature
Secure Hash Algorithm (SHA)
• Developed by NIST and released as FIPS, PUB
180 in 1993
• Based on MD4 structure. Similar to MD5 –
messages are padded to multiple of 512 bits
• Produces 160 bit has value
• Every bit of output depends on every bit of
input
• Very important property for collision-resistance
• Brute-force inversion requires 2160 ops, birthday
attack on collision resistance requires 280 ops
• Some weaknesses discovered in 2005
• Collisions can be found in 263 ops
SHA1 algorithm consists of 6 tasks:
• Task 1. Appending Padding Bits. The original message is "padded"
(extended) so that its length (in bits) is congruent to 448, modulo 512. The
padding rules are:
• The original message is always padded with one bit "1" first.
• Then zero or more bits "0" are padded to bring the length of the message up to 64
bits fewer than a multiple of 512.
• Task 2. Appending Length. 64 bits are appended to the end of the padded
message to indicate the length of the original message in bytes. The rules
of appending length are:
• The length of the original message in bytes is converted to its binary format of 64
bits. If overflow happens, only the low-order 64 bits are used.
• Break the 64-bit length into 2 words (32 bits each).
• The low-order word is appended first and followed by the high-order word.
SHA1 Steps
• Task 3. Preparing Processing Functions. SHA1 requires 80 processing
functions defined as:
f(t;B,C,D) = (B AND C) OR ((NOT B) AND D) ( 0 <= t <= 19)
f(t;B,C,D) = B XOR C XOR D (20 <= t <= 39)
f(t;B,C,D) = (B AND C) OR (B AND D) OR (C AND D) (40 <= t <= 59)
f(t;B,C,D) = B XOR C XOR D (60 <= t <= 79)