Hashing is crucial in network security for ensuring integrity.
A hashing function is a one-way cryptographic function that takes an input and produces a unique output (message digest).
Properties of Hashing
One-way function: It is impossible to reverse the hashing function to retrieve the original message based on the hash digest.
Outputs a hash digest: Similar to a digital fingerprint; unique for each input file.
Consistent length: The hash output remains constant regardless of the input size (e.g., a file of 1 word vs. 1 million words results in the same length hash digest).
Key Hashing Algorithms
Several main hashing algorithms are pivotal in practice:
MD5
SHA family
RIPEMD
HMAC
MD5 (Message Digest Algorithm 5)
Widely utilized hashing algorithm over the last few decades.
Produces a 128-bit hash value.
Drawback: Limited unique values can lead to collisions (two different inputs producing the same hash output).
SHA (Secure Hash Algorithm) Family
Developed to enhance the limitations of MD5.
Includes:
SHA-1: 160-bit hash digest, reduces collisions compared to MD5.
SHA-2: A family including SHA-224, SHA-256, SHA-384, SHA-512; produces longer hash digests from 224 bits to 512 bits.
SHA-3: Newer family with similar output sizes (224-512 bits), but enhances security with 120 rounds of processing compared to SHA-2's 64-80 rounds.
RIPEMD (RACE Integrity Primitives Evaluation Message Digest)
The commonly used version is RIPEMD-160; considered an open-source alternative to SHA but less popular.
HMAC (Hash-based Message Authentication Code)
Used for checking the integrity and authenticity of a message.
Paired with other algorithms to form HMAC variants (e.g., HMAC-MD5, HMAC-SHA1, HMAC-SHA256).
Applications of Hashing
Digital Signatures:
Created by hashing a file and encrypting the hash with a private key.
Example:
Hash an email using SHA-1, resulting in a 160-bit hash digest.
Encrypt this with the sender's private key to produce a digital signature.
Attach the encrypted hash with the email to maintain integrity.
Upon receipt, the recipient will:
Decrypt the digital signature with the sender's public key to retrieve the hash digest.
Hash the received email on their system and compare the hash with the one from the digital signature.
A match indicates that the email was not tampered with during transit.
Non-repudiation is achieved because only the sender possesses the private key.
Practical Use of Digital Signatures
Can utilize algorithms like:
DSA (Digital Signature Algorithm)
RSA (Rivest-Shamir-Adleman cipher)
Elliptic Curve Cryptography versions
Example applications include:
Code Signing for mobile applications:
Developers register with platforms like Apple or Google to receive a private key.
Hash and digitally sign the installer file to ensure it remains unchanged post-publication.
Demonstration of Hash Changes
Changing even a single character in a file results in a drastically different hash output:
Example: UK spelling "defence" (with C-E) vs. US spelling "defense" (with S)
A hash generated from these will be entirely different.
Other examples demonstrate how even minor modifications (like changing the order of digits or adding spaces) lead to significant differences in hash outputs.
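The three properties walked through above (fixed digest length regardless of input size, a single-character change such as "defence" vs. "defense" producing a completely different digest, and HMAC detecting a modified message) can be checked directly with Python's standard library. This is an added example, not part of the original notes; the sample strings, the HMAC key and the message are constructed for illustration, and HMAC (a shared secret) is used for the authenticity check rather than the private-key signature step, which needs a third-party library.

```python
import hashlib
import hmac

# Constructed sample inputs (not from the original notes)
UK_SPELLING = b"defence"
US_SPELLING = b"defense"
ONE_WORD = b"hello"
MANY_WORDS = b"hello " * 1_000_000  # roughly 6 MB of input


def sha256_hex(data: bytes) -> str:
    """SHA-256 digest of the input as a 64-character hex string (256 bits)."""
    return hashlib.sha256(data).hexdigest()


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Hamming distance between two hex digests: how many output bits changed."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def digest_lengths_match(a: bytes, b: bytes) -> bool:
    """Fixed-length property: the digest size does not depend on the input size."""
    return len(sha256_hex(a)) == len(sha256_hex(b)) == 64


def make_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 tag: the hash keyed with a shared secret (integrity + authenticity)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the tag over the received message and compare in constant time."""
    return hmac.compare_digest(make_tag(key, message), tag)


if __name__ == "__main__":
    h_uk, h_us = sha256_hex(UK_SPELLING), sha256_hex(US_SPELLING)
    print(f"defence: {h_uk}")
    print(f"defense: {h_us}")
    print(f"bits that differ: {differing_bits(h_uk, h_us)} of 256")
    print("same digest length for 1 word and 1M words:",
          digest_lengths_match(ONE_WORD, MANY_WORDS))

    key = b"shared-secret-key"  # constructed; in practice a random key exchanged securely
    msg = b"Transfer 100 to account 42"
    tag = make_tag(key, msg)
    print("original message verifies:", verify_tag(key, msg, tag))
    print("tampered message verifies:", verify_tag(key, b"Transfer 900 to account 42", tag))
```

A receiver that only compares a plain (unkeyed) hash cannot tell a tampered message from a genuine one, because the attacker can recompute the hash; the key in the HMAC is what supplies authenticity.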
Collision in Hashing
Defined as two different inputs producing the same hash digest.
More susceptible with MD5 due to its 128-bit limitation in hash values, leading to a higher occurrence of collisions.
Alternatives like SHA-1, SHA-256, or SHA-512 have larger bit sizes and thus fewer collisions.
Conclusion
Hashing acts as a critical mechanism for verifying the integrity of files and data.
Digital signatures are fundamentally encrypted hash digests, added to ensure authenticity and integrity.