Hashing (OBJ 1.4)

(OBJ 1.4)

Hashing

• One-way cryptographic function that produces a unique message digest from an input
• The resulting message digest acts as a digital fingerprint for the original file
• Another unique thing about a hash digest is that they are always the same length regardless of how long your input is.

Hash Digest

• Like a digital fingerprint for the original data
• Always of the same length regardless of the input's length

Common Hashing Algorithms

• MD5 (Message Digest Algorithm 5)

  • The most popular and widely used Hashing algorithm over the last few decades
  • Creates a 128-bit hash value that is unique to the input file
  • Limited unique values, leading to collisions
  • Not recommended for security-critical applications due to vulnerabilities

• SHA (Secure Hash Algorithm) Family

  • SHA-1
    • Produces a 160-bit hash digest, less prone to collisions than MD5
  • SHA-2
    • Offers longer hash digests (SHA-224, SHA-256, SHA-348, SHA-512)
    • Each of those has a digest between 224-bits up to 512-bits, as their name suggests.
  • SHA-3
    • Uses 224-bit to 512-bit hash digests, more secure, 120 rounds of computations to create its message digest for each unique file
  • Each version of SHA performs a different number of rounds of mathematical computations to create the hash digest
    • From 64 to 80 rounds
  • SHA-256 or SHA-3 is the most secure of all the list

• RIPEMD (RACE Integrity Primitive Evaluation Message Digest)

  • Versions available
    • 160-bit (Most common)
      • RIPEMD-160 is an open-source competitor to SHA but less popular
    • 256-bit
    • 320-bit

• HMAC (Hash-based Message Authentication Code)

  • Checks message integrity and authenticity
  • Utilizes other hashing algorithms (e.g., HMAC-MD5, HMAC-SHA1, HMAC-SHA256) depending on the underlying hash that is going to be used with HMAC.

Applications of Hashes

Digital Signatures

• Uses a hash digest encrypted with a private key
• Sender hashes the message and encrypts the hash with their private key
• Recipient decrypts the digital signature using the sender's public key
• Verifies integrity of the message and ensures non-repudiation
  • I'm the only person in the world who has a copy of my private key.
• Code signing of files relies upon the digital signature for a program or file being added to that file
  • Installer app must be digitally signed for a launched app

Common Digital Signature Algorithms

• DSA (Digital Security Algorithm)
  • Utilized for digital signatures
  • Uses a 160-bit message digest created by DSS (Digital Security Standard
  • Federal government uses DSS
  • But most commercial entities, will rely on RSA instead for speed and key distribution
• RSA (Rivest-Shamir-Adleman)
  • Supports digital signatures, encryption, and key distribution
  • Widely used in various applications, including code signing
• Elliptic Curve Cryptography version of either DSA or SHA

Summary about hashing

• Hashes change drastically even with minor changes in input
• Hashing is used to verify data integrity and detect any changes
• As you extend that space of what that unique hash value can be you have less collisions in return
  • A 128-bit message digest will produce more collisions that a 256-bit message digest.