Computer Security CS477
Lecture 7
Ching Hua Chuan
September 24th, 2008

Administration

Today's Outline
- The SHA Secure Hash Function (Chap 3.2)
- HMAC

Secure Hash Algorithm (SHA)
- SHA: the first version was developed by the National Institute of Standards and Technology (NIST) and published as a federal information processing standard in 1993.
- Several versions were developed: SHA-1, SHA-256, SHA-384, SHA-512.

Comparisons of SHA Parameters
- Security against birthday attack

SHA-512
- Input: < 2^128 bits; output: 512-bit message digest
- Step 1: pad the message so that its length is 896 mod 1024
- Step 2: append a 128-bit block to the message. Total length: N x 1024
- Step 3: initialize the hash buffer: 64-bit registers a, b, c, d, e, f, g, h ... 5BE0CD. Total: 512 bits
- Step 4: process the message in 1024-bit (128-word) blocks
- Step 5: output is the 512-bit message digest H_N

SHA-512: the function F
- 80 rounds
- For each round:
  - W_t: 64 bits from M_i
  - K_t: an additive constant
- K_t provides a randomized set of 64-bit patterns, eliminating any regularities in the input data
- [Figure: processing of one block, with input H_(i-1)]

SHA-512: Characteristics
- Every bit of the hash code is a function of every bit of the input
- The complex repetition of function F produces well-mixed results

SHA-512: Security Strength
- Coming up with two messages with the same hash code needs 2^256 operations
- Finding a message with a given digest needs 2^512 operations

HMAC
- Recall: a Message Authentication Code (MAC) is a small block of data generated by using a shared secret key on the message
- Motivations for developing a MAC from a cryptographic hash code:
  - A hash function is faster in software than encryption
  - Library code for hash functions is widely available
- A hash function such as SHA was not designed for use as a MAC because it does not rely on a secret key

HMAC Objectives
- To use, without modifications, available hash functions
- To allow easy replacement of the embedded hash function
- To preserve the original performance of the hash
- To use and handle keys in a simple way
- To have a well-understood cryptographic analysis of the strength of the MAC, based on reasonable assumptions on the embedded hash

HMAC Algorithm
- K: secret key
- K+: K padded with zeros to b bits
- ipad: 00110110 repeated b/8 times
- opad: 01011100 repeated b/8 times
- Y_i: ith block of M, 0 <= i <= L-1
- S_i = K+ XOR ipad
- S_o = K+ XOR opad
- HMAC(K, M) = H[(K+ XOR opad) || H[(K+ XOR ipad) || M]]
- Output: n-bit HMAC(K, M)

Characteristics of HMAC
- Randomization: pseudorandomly generates two keys from K, flipping different halves of the bits of K
- Performance: HMAC should execute in approximately the same time as the embedded hash

Today's Summary
- The SHA Secure Hash Function (Chap 3.2)
  - Versions, parameters, algorithm
  - Characteristics and security strength
- HMAC
  - Motivations, objectives
  - Algorithm
  - Characteristics
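The HMAC construction from the slides, written out as an added example (not code from the lecture). It builds the two padded keys with ipad and opad around an unmodified, swappable hash from Python's hashlib; the function names, sample key and sample message are constructed for illustration, and the rule for keys longer than one block comes from RFC 2104, not from the slides.

```python
import hashlib
import hmac  # standard library; used here for constant-time comparison


def hmac_from_slides(key: bytes, message: bytes, hash_name: str = "sha512") -> bytes:
    """HMAC(K, M) = H[(K+ XOR opad) || H[(K+ XOR ipad) || M]]."""
    # b/8 bytes per block: 128 for SHA-512, 64 for SHA-256
    block_bytes = hashlib.new(hash_name).block_size
    # RFC 2104 rule (assumption, not on the slides): hash keys longer than a block
    if len(key) > block_bytes:
        key = hashlib.new(hash_name, key).digest()
    k_plus = key.ljust(block_bytes, b"\x00")   # K+: K padded with zeros to b bits
    s_i = bytes(x ^ 0x36 for x in k_plus)      # ipad = 00110110 repeated b/8 times
    s_o = bytes(x ^ 0x5C for x in k_plus)      # opad = 01011100 repeated b/8 times
    inner = hashlib.new(hash_name, s_i + message).digest()
    return hashlib.new(hash_name, s_o + inner).digest()


def verify(key: bytes, message: bytes, tag: bytes, hash_name: str = "sha512") -> bool:
    """Receiver side: recompute the tag and compare without a timing leak."""
    expected = hmac_from_slides(key, message, hash_name)
    return hmac.compare_digest(expected, tag)


# Constructed sample values, not taken from the lecture
KEY = b"shared-secret-key"
MSG = b"transfer 100 to account 42"

if __name__ == "__main__":
    tag = hmac_from_slides(KEY, MSG)
    print("HMAC-SHA-512:", tag.hex())
    print("genuine message accepted:", verify(KEY, MSG, tag))
    print("altered message accepted:", verify(KEY, MSG + b"0", tag))
    # Swapping the embedded hash only changes one argument
    print("HMAC-SHA-256:", hmac_from_slides(KEY, MSG, "sha256").hex())
```

Changing hash_name is all it takes to replace the embedded hash, which is the "easy replacement" objective listed above.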