Chapter 14 - 03 - Discuss Various Hash Functions and Cryptography Tools - 01_ocred.pdf
Uploaded by barrejamesteacher
Certified Cybersecurity Technician, Exam 212-82
Cryptography

Module Flow
- Discuss Cryptographic Security Techniques
- Discuss Various Cryptographic Algorithms
- Discuss Various Hash Functions and Cryptography Tools
- Discuss PKI and Certificate Management Concepts
- Discuss Other Applications of Cryptography

Discuss Various Hash Functions and Cryptography Tools

This section deals with various hash functions such as MD5, MD6, SHA, etc. and cryptography tools that you can use to encrypt sensitive data to protect it from unauthorized access by any party other than the person for whom it is intended.

Module 14 Page 1671. Certified Cybersecurity Technician. Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

MD5 and MD6

- The MD5 algorithm takes a message of arbitrary length as the input and then outputs a 128-bit fingerprint or message digest of the input
- MD5 is not collision resistant; use of the latest algorithms, such as MD6, SHA-2, and SHA-3, is recommended
- MD6 uses a Merkle tree-like structure to allow for immense parallel computation of hashes for very long inputs. It is resistant to differential cryptanalysis attacks
- MD5 and MD6 are deployed for digital signature applications, file integrity checking, and storing passwords

[Screenshot: MD5 & SHA1 Hash Generator and Verifier, sender and receiver views, https://onlinemd5.com]

MD5 and MD6

MD2, MD4, MD5, and MD6 are message digest algorithms used in digital signature applications to compress a document securely before the system signs it with a private key. The algorithms can be of variable length, but the resulting message digest always has a size of 128 bits.
The structures of all three algorithms (MD2, MD4, and MD5) appear similar, although the design of MD2 is reasonably different from that of MD4 and MD5. MD2 supports 8-bit machines, while MD4 and MD5 support 32-bit machines. The algorithm pads the message with extra bits to ensure that the number of bits is divisible by 512. The extra bits may include a 64-bit binary message.

Attacks on versions of MD4 have become increasingly successful. Research has shown how an attacker launches collision attacks on the full version of MD4 within a minute on a typical PC. MD5 is slightly more secure but is slower than MD4. However, both the message digest size and the padding requirements remain the same.

MD5 is a widely used cryptographic hash function that takes a message of arbitrary length as input and outputs a 128-bit (16-byte) fingerprint or message digest of the input. MD5 can be used in a wide variety of cryptographic applications and is useful for digital signature applications, file integrity checking, and storing passwords. However, MD5 is not collision resistant; therefore, it is better to use the latest algorithms, such as MD6, SHA-2, and SHA-3.

MD6 uses a Merkle-tree-like structure to allow for large-scale parallel computation of hashes for very long inputs. It is resistant to differential cryptanalysis attacks.

To calculate the effectiveness of hash functions, check the output produced when the algorithm randomizes an arbitrary input message.
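One way to run that check, as an added example that is not part of the courseware: the Python below hashes three messages that differ by a single character and counts how many output bits change under MD5, SHA-1, SHA-256 and SHA3-256. The function names are this example's own, and the trailing newline is included on the assumption that the messages are piped from echo.

```python
import hashlib

# Constructed sample input: three messages that differ by one character each.
# A trailing newline is included because echo appends one (assumption).
MESSAGES = [
    b"There is CHF1500 in the blue bo\n",
    b"There is CHF1500 in the blue box\n",
    b"There is CHF1500 in the blue box.\n",
]
ALGORITHMS = ["md5", "sha1", "sha256", "sha3_256"]


def digest(algorithm: str, message: bytes) -> bytes:
    """Return the raw digest of message under the named hashlib algorithm."""
    return hashlib.new(algorithm, message).digest()


def bit_difference(a: bytes, b: bytes) -> int:
    """Count the bit positions in which two equal-length digests differ."""
    if len(a) != len(b):
        raise ValueError("digests must have the same length")
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche_report(messages=MESSAGES, algorithms=ALGORITHMS):
    """Compare digests of neighbouring messages for each algorithm.

    Returns rows of (algorithm, digest_bits, changed_bits, fraction_changed).
    A well-mixed hash changes about half of its output bits.
    """
    rows = []
    for algorithm in algorithms:
        digests = [digest(algorithm, m) for m in messages]
        for first, second in zip(digests, digests[1:]):
            total = len(first) * 8
            changed = bit_difference(first, second)
            rows.append((algorithm, total, changed, changed / total))
    return rows


if __name__ == "__main__":
    for algorithm, total, changed, fraction in avalanche_report():
        print(f"{algorithm:9} {changed:3}/{total} bits changed ({fraction:.0%})")
```

MD5 changes roughly half of its bits here, just as SHA-256 does, so this check measures output mixing only and says nothing about collision resistance.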
The following are examples of minimally different message digests:

    echo "There is CHF1500 in the blue bo" | md5sum
    e41a323bdf20eadafd3f0e4f72055d36

    echo "There is CHF1500 in the blue box" | md5sum
    7a0da864a41fd0200ae0ae97afd3279d

    echo "There is CHF1500 in the blue box." | md5sum
    2db1ff7a70245309e9f2165c6c34999d

Even minimally different texts produce radically different MD5 codes.

[Screenshot: MD5 & SHA1 Hash Generator and Verifier, sender and receiver views]
Figure 14.12: Verifying MD5 Hash

Note: Message digests are also called one-way hash functions because they cannot be reversed.

[Diagram: Document -> Message Digest Function -> Hash Value]
Figure 14.13: Working of Message Digests

Secure Hashing Algorithm (SHA)

- This algorithm generates a cryptographically secure one-way hash; it was published by the National Institute of Standards and Technology as a US Federal Information Processing Standard
- SHA-1: It produces a 160-bit digest from a message with a maximum length of (2^64 - 1) bits, and it resembles the MD5 algorithm
- SHA-2: It is a family of two similar hash functions with different block sizes, namely, SHA-256, which uses 32-bit words, and SHA-512, which uses 64-bit words.
- SHA-3: SHA-3 uses the sponge construction, in which message blocks are XORed into the initial bits of the state, which is then invertibly permuted

Secure Hashing Algorithm (SHA)

The NIST has developed the Secure Hash Algorithm (SHA), specified in the Secure Hash Standard (SHS) and published as a federal information-processing standard (FIPS PUB 180). It generates a cryptographically secure one-way hash. Rivest developed the SHA, which is similar to the message digest algorithm family of hash functions. It is slightly slower than MD5, but its larger message digest makes it more secure against brute-force collision and inversion attacks.

SHA encryption is a series of five different cryptographic functions, and it currently has three generations: SHA-1, SHA-2, and SHA-3.

- SHA-0: A retronym applied to the original version of the 160-bit hash function published in 1993 under the name SHA, which was withdrawn from trade due to an undisclosed "significant flaw" in it. It was replaced with a slightly revised version, namely SHA-1.
- SHA-1: It is a 160-bit hash function that resembles the former MD5 algorithm developed by Ron Rivest. It produces a 160-bit digest from a message with a maximum length of (2^64 - 1) bits. It was designed by the National Security Agency (NSA) to be part of the Digital Signature Algorithm (DSA). It is most commonly used in security protocols such as PGP, TLS, SSH, and SSL. As of 2010, SHA-1 is no longer approved for cryptographic use because of its cryptographic weaknesses.
- SHA-2: SHA-2 is a family of two similar hash functions with different block sizes, namely SHA-256, which uses 32-bit words, and SHA-512, which uses 64-bit words. The truncated versions of each standard are SHA-224 and SHA-384.
- SHA-3: SHA-3 uses sponge construction in which message blocks are XORed into the initial bits of the state, which the algorithm then invertibly permutes.
It supports the same hash lengths as SHA-2 but differs in its internal structure considerably from the rest of the SHA family.

Comparison of SHA functions (SHA-0, SHA-1, SHA-2, and SHA-3).

Algorithm and variant | Output size (bits) | Internal state size (bits) | Block size (bits) | Maximum message size (bits) | Rounds | Operations | Security (bits)
MD5 (as reference) | 128 | 128 (4 × 32) | 512 | 2^64 - 1 | 64 | Add mod 2^32, and, or, xor,