Scribd
Upload
329 views11 pages

Hash and MAC Algorithms in Security

This document discusses hash functions, message authentication codes (MACs), and secure hash algorithms such as SHA-1 and SHA-512. It describes how hash functions condense messages to fixed sizes, and how MACs provide authentication for messages. SHA-1 is based on MD4 and produces 160-bit hashes, while SHA-512 processes 1024-bit blocks over 80 rounds to produce 512-bit hashes. HMAC is specified as an internet standard and uses a hash function to authenticate messages using a key and inner and outer padding.

Uploaded by

rishabhdubey
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
329 views11 pages

Hash and MAC Algorithms in Security

This document discusses hash functions, message authentication codes (MACs), and secure hash algorithms such as SHA-1 and SHA-512. It describes how hash functions condense messages to fixed sizes, and how MACs provide authentication for messages. SHA-1 is based on MD4 and produces 160-bit hashes, while SHA-512 processes 1024-bit blocks over 80 rounds to produce 512-bit hashes. HMAC is specified as an internet standard and uses a hash function to authenticate messages using a key and inner and outer padding.

Uploaded by

rishabhdubey
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd

Chapter 12 – Hash and MAC

Algorithms
Hash and MAC Algorithms
 Hash Functions
 condense arbitrary size message to fixed size
 by processing message in blocks

through some compression function

either custom or block cipher based
 Message Authentication Code (MAC)
 fixed sized authenticator for some message

to provide authentication for message

by using block cipher mode or hash function
Secure Hash Algorithm
 SHA originally designed by NIST in 1993
 was revised in 1995 as SHA-1
 US standard for use with DSA signature scheme

standard is FIPS 180-1 1995, also Internet RFC3174

nb. the algorithm is SHA, the standard is SHS
 based on design of MD4 with key differences
 produces 160-bit hash values
 recent 2005 results on security of SHA-1 have
raised concerns on its use in future applications
Revised Secure Hash
Standard
 NIST issued revision FIPS 180-2 in 2002
 adds 3 additional versions of SHA
 SHA-256, SHA-384, SHA-512
 designed for compatibility with increased
security provided by the AES cipher
 structure & detail is similar to SHA-1
 hence analysis should be similar
 but security levels are rather higher
SHA-512 Overview
SHA-512 Compression
Function
 heart of the algorithm
 processing message in 1024-bit blocks
 consists of 80 rounds

updating a 512-bit buffer
 using a 64-bit value Wt derived from the
current message block
 and a round constant based on cube root of
first 80 prime numbers
SHA-512 Round Function
SHA-512 Round Function
Keyed Hash Functions as MACs
 want a MAC based on a hash function
 because hash functions are generally faster
 code for crypto hash functions widely
available
 hash includes a key along with message
 original proposal:
KeyedHash = Hash(Key|Message)
 some weaknesses were found with this
 eventually led to development of HMAC
HMAC
 specified as Internet standard RFC2104
 uses hash function on the message:
HMACK = Hash[(K+ XOR opad) ||
Hash[(K+ XOR ipad)||M)]]
 where K+ is the key padded out to size
 and opad, ipad are specified padding constants
 overhead is just 3 more hash calculations than
the message needs alone
 any hash function can be used

eg. MD5, SHA-1, RIPEMD-160, Whirlpool
HMAC Overview

You might also like