2007 8 Sha
Algorithms
Kevin Casey, Adam Cohen, Ju Kim
Overview
• General Overview of Cryptography
• Variations of Hash Algorithms
• Differences between Secure Hash Algorithms
• Cryptanalysis of SHA
• Applications
• Conclusion
Cryptography Variations
• UNIX Crypt
– The UNIX hashing algorithm
– crypt is relatively obscure and rarely used for e-mail attachments or as a file format
– crypt is considered far too cryptographically weak to withstand brute force attacks by modern computing systems
• MD4
– A one-way hash function that produces a 128-bit hash, or message digest.
– If as little as a single bit value in the file is modified, the MD4 checksum for the file will change.
– Forgery of a file in a way that will cause MD4 to generate the same result as that for the original file is considered extremely difficult.
• MD5
– An improved, and more complex, version of MD4
– circa 1992
– 128-bit hash
– "almost broken" by Hans Dobbertin circa 1995
– Fully broken by a collision attack (Wang et al., 2004)
• Data Encryption Standard (DES)
– Symmetric, Feistel cipher
– Key size (in bits): 112 or 168
– Time to crack (assume a machine could try 2^55 keys per second - NIST): 4.6 billion years
• Advanced Encryption Standard (AES)
– Symmetric, block cipher
– Key size (in bits): 128, 192, 256
– Time to crack (assume a machine could try 2^55 keys per second - NIST): 149 trillion years
• Secure Hash Algorithm (SHA)
– produces a 160-bit hash, longer than MD5.
– The algorithm is slightly slower than MD5, but the larger message digest makes it more secure against brute-force collision and inversion attacks.
Flavors of SHA
• SHA-0
• SHA-1*
• SHA-224*
• SHA-256*
• SHA-384*
• SHA-512*
• 1995
– SHA-1 published as the successor to SHA-0
• 2002
– SHA-2 variants
• SHA-256, SHA-384, and SHA-512 published
• 2004
– SHA-224 published
– hash computation
• The hash computation generates a message schedule from the padded message and uses that schedule, along with functions, constants, and word operations to iteratively generate a series of hash values
Algorithm – cont’d
Comparison between SHA’s
Algorithm | Output size (bits) | Internal state size (bits) | Block size (bits) | Max message size (bits) | Word size (bits) | Rounds | Operations | Collision
• In this context, “security” refers to the fact that a birthday attack [HAC] on a message digest of size n produces a collision with a workfactor of approximately 2^(n/2).
How Secure is SHA?
This depends on your view of “secure”
Cryptanalysis
Definitions
• Collisions – when 2 distinctly different inputs produce the same hash output
Brute Force Attacks
Question???
• Assume that you have a 4 GHz processor that is capable of doing around 4 billion ops/sec
Answer
• Using a single processor this would take approx 2^37 seconds (or 4000 years) of CPU time (which obviously is no big deal)
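Added example (not from the original slides): the birthday workfactor of about 2^(n/2) described above, measured by truncating SHA-1 to n bits and hashing constructed messages until two collide, plus a helper that converts a workfactor into years at the roughly 4 billion (2^32) ops/sec assumed in the question. The helper names and the message prefix are illustrative assumptions.

```python
import hashlib

def truncated_sha1(data, bits):
    """Return the first `bits` bits of SHA-1(data) as an integer."""
    digest = int.from_bytes(hashlib.sha1(data).digest(), "big")
    return digest >> (160 - bits)

def find_collision(bits, prefix=b"msg-"):
    """Hash counter-derived messages until two share a truncated digest.

    Returns (message1, message2, number_of_hashes_computed).
    """
    seen = {}
    counter = 0
    while True:
        msg = prefix + str(counter).encode()  # constructed sample message
        tag = truncated_sha1(msg, bits)
        if tag in seen:
            return seen[tag], msg, counter + 1
        seen[tag] = msg
        counter += 1

def years_of_work(log2_ops, log2_ops_per_sec):
    """Convert a 2^log2_ops workfactor to years at 2^log2_ops_per_sec."""
    seconds = 2.0 ** (log2_ops - log2_ops_per_sec)
    return seconds / (365.25 * 24 * 3600)

if __name__ == "__main__":
    # Short digests collide after roughly 2^(n/2) hashes, not 2^n.
    for n in (16, 24, 32):
        m1, m2, tries = find_collision(n)
        print(f"n={n}: {tries} hashes, 2^(n/2)={2 ** (n // 2)}: {m1!r} / {m2!r}")
    # Birthday bound for the full 160-bit digest at 2^32 ops/sec.
    print(f"2^80 hashes: {years_of_work(80, 32):.3g} years")
    # The slide's 2^37 seconds, expressed in years.
    print(f"2^37 seconds: {years_of_work(37, 0):.0f} years")
```

The measured counts stay within a small multiple of 2^(n/2), which is why digest length, and any truncation of a digest, sets the ceiling on collision resistance.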
Applications
Pretty Good Privacy (PGP)
• PGP Encryption (Pretty Good Privacy) is a computer program that provides cryptographic privacy and authentication.
• Public key cryptography, also known as asymmetric cryptography, is a form of cryptography in which a user has a pair of cryptographic keys - a public key and a private key
• It was originally created by Philip Zimmermann in 1991.
SSH
• Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and to allow the remote computer to authenticate the user. SSH provides confidentiality and integrity of data exchanged between the two computers using encryption and message authentication codes.
TLS and SSL
• Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols which provide secure communications on the Internet for such things as web browsing, e-mail, Internet faxing, instant messaging and other data transfers.
IPSec
• A set of protocols developed by the Internet Engineering Task Force, the main standards organization for the Internet, to support secure exchange of packets at the IP layer. IPsec has been deployed widely to implement Virtual Private Networks (VPNs).
IPSec
• IPsec supports two encryption modes: Transport and Tunnel. Transport mode encrypts only the data portion (payload) of each packet, but leaves the header untouched. The more secure Tunnel mode encrypts both the header and the payload. On the receiving side, an IPSec-compliant device decrypts each packet.
S/MIME
• S/MIME was originally developed by RSA Data Security Inc
• S/MIME (Secure Multi-Purpose Internet Mail Extensions) is a secure method of sending e-mail that uses the Rivest-Shamir-Adleman encryption system. S/MIME is included in the latest versions of the Web browsers from Microsoft and Netscape and has also been endorsed by other vendors that make messaging products. RSA has proposed S/MIME as a standard to the Internet Engineering Task Force (IETF). An alternative to S/MIME is PGP/MIME, which has also been proposed as a standard.
Questions
???