Hash Functions

-


One way functions that transfer character inputs to compressed output value named as hash functions. The input can be infinite(arbitrary), but the output always has a finite(fixed) set of characters. This produces a fingerprint of the file/message/data


source: Wikipedia
You cannot reverse the function and get the input value in Hash functions. If you have the content, you can use the hash function to calculate the hash value, but the other way around is not possible. If you have the hash value and the function, you can’t use it to get the input text.


Below are sample scenarios that hash functions may become useless.
  1. If the function is reversible, it’s not secure. Hash values can be exposed to the public. Hence we don’t want someone seeing the hash value.
  2. The values may not collision resistant. There may be use cases with two unique input values return the same hash value. Since digital certificates/Signatures using hash functions, it will give the chance to cheat.


Below is a simple hash function.
H =h(M)
H= hash value
h=hash function
M=Input value
If it’s infeasible to find any x,y h(x)=h(y) we called them as strong collision resistance functions
For given x if it’s infeasible to find y, h(x)=h(y), the functions are weak collision resistance
Given H it’s infeasible to find h(x)=H is demonstrated, one way property of hash functions.


Let’s discuss some hash functions.

1. Message Digest 5 (MD5)
MD5 is the fifth edition of the MD algorithms. This produces the 128-bit hash and the hash is depend on the all message bits. This has been chipped away due to collision resistance feature. In 2013 crypt analysts discovered a technique to breaks md5 collision resistance in less than a second.
2. Secure Hash Algorithm (SHA)
Up to now, there are 3 versions of SHA’s are introduced. SHA-1, SHA-2, and SHA-3.
SHA-1 using 160-bit hash value and cryptanalysis has discovered the SHA-1 is not secure anymore. SHA-1 is employed in several widely used applications and protocols including Secure Socket Layer (SSL) security. Then they have introduced SHA-2, which contains six hash functions. This returns 224, 256, 384 and 512-bit hashes.

There are no known attacks against SHA-2 yet :) But there’s a definite risk of breaking SHA-2 because they are using the same mathematical methods used for SHA-1 and MD5. Therefore SHA-3 is introduced back in 2006. This uses completely different mathematical methods than other hash functions.

The hash length can be designed by the person who is creating the hash. Hence any desired length is possible.

Now here comes the politics into the cryptography. :D Since US government involved in the creation of the SHA-1, SHA-2 algorithms people tend not to trust the SHA family. Here’s the invention of RIPEMD algorithm.

3. Race Integrity Primitives Evaluation Message Digest - RIPEMD
This has been invented by Belgian open research community which is known as a family of European hash functions. This produces 128, 160, 256 and 320-bit hashes. But 160 bit hashes are using today.

4. Whirlpool

Whirlpool is block-cipher based 512-bit hash function which consists of three versions (WHIRLPOOL-0, WHIRLPOOL-T, and WHIRLPOOL)





SHA-1
MD5
RIPEMD-160
Whirlpool
Digest length
160 bits
128 bits
160 bits
512 bits
Basic unit of processing
512 bits
512 bits
512 bits
512 bits
Number of steps
80 (4 rounds of 20)
64 (4 rounds of 16)
160 (5 paired rounds of 16)
10



Few of the applications of Hashing are password storage, data integrity test, and digital signatures.
Cryptocurrency, blockchain are most common user scenarios in hash functions.  


Let’s discuss more use cases of Hashing.
1. HMAC - Hash-based Message Authentication Code
HMAC is more secure than MAC. Let’s discuss the MAC first.

Message Authentication Code - Using symmetric cryptography mechanism
MAC is a block of few bytes that is used to create a fixed size block. The size of the block may vary on the key and the message. Since the receiver can calculate the MAC value and check the integrity of the data, MAC doesn’t needed to be reversible.



Source: wikipedia


MAC can be calculated using below Formula
MAC = F(K, M)
K=Key
M=Message
Since key and the message hashed in different steps, HMAC is much secure than MAC. Using a hash function will give you several advantages like.
HMAC is much faster than MAC and also it keeps as the internet standard RFC2104. Using a secret handshake will ensure that message is not altered in the network.
Below function is using to generate the HMAC
HMAC(key, msg) = H(mod1(key) || H(mod2(key) || msg))
But still using a brute force attacks/birthday attacks can exploit the HMAC.

If there are >= 23 people in the room, there’s more than 50% chance to have the same birthday for two of them. If I’m considered me as a part of the pair, I need to have 253 to get the correct pair. In other way, I’m combining 253 people to make all the sets.

But if I’m considering only a random pair, then we need only 23 people in the room to make that 253 combination. 253 pair will increase the chance of matching the birthday of a pair, more than 50%
Below image I found on the internet, describes about the birthday paradox.
That’s it! :)



Comments

Post a Comment

Popular posts from this blog

CAP THEOREM

-
Image
What’s C, A and P? Consistency is the easiest one. It roughly means that the clients get the same view of data. By saying that a system is consistent we often mean strong consistency, but it also can come in different flavors. Availability is a property saying that every request to a non-failing node will return a (meaningful) response. The response may not contain all data (so the harvest will not be 100%), but it should be useful for the client. Partition tolerance means that the system will continue working even if any number of messages sent between nodes is lost. This can be e.g. a network failure between two data centers, where nodes in each data center form a partition. Also note that a failure of any number of nodes forms a partition (it is not possible to distinguish between a network failure and a node failing and stopping to respond to messages). The basic statement of the CAP theorem is that, given the three properties of Consistency, Availability, and Pa
Read more

How you can manage throttle out errors in WSO2 API Manager

-
Image
You might face the above-mentioned error if you have an application in Dialog Ideabiz platform.Let’s start from the beginning. Once you create an application on Ideabiz, you need to subscribe to the APIs you require. We use WSO2 API manager to manage the APIs . When admin approves your API subscriptions, he/she will assign a tier value for each API(5tps, 10 tps etc.). Also, they will assign a tier value for the application as well. Let’s assume you wanted to create an application by using SMS and Payment API. The team has assigned 5tps for each API and 10tps for your application. You use SMS API only to send SMS to the users and payment API to charge the users on daily basis. When considering each API, (as per above example) you should manage  5 transactions per second in the SMS API. Which means you can have 5 API calls per second. Let’s assume before you send the SMS, you want to charge Rs 1 from the user. Therefore you need to call payment API as well. Since the Pa
Read more