Password authentication technologies

Part II: Authentication

  To check whether two messages are identical, we do not need to compare the message contents directly; it is enough to compare their "fingerprints".

  First, the one-way hash function

    A one-way hash function is also called a message digest function, or simply a hash function.

    A one-way hash function has one input and one output. The input is called the message, and the output is called the hash value, also known as the message digest or fingerprint. A one-way hash function computes the hash value from the contents of the message, and the hash value can be used to check the integrity of the message. Integrity means that the message has not been tampered with; it is also called consistency.

    Here, the message can be text, an image, or a document. The length of the hash value does not depend on the length of the message: whatever the size of the message, the hash function computes a hash value of fixed length. For example, the hash value computed by the one-way hash function SHA-256 is always 256 bits long.

 

  Properties of one-way hash functions

  (1) A fixed-length hash value is computed from a message of arbitrary length.

  (2) The hash value can be computed quickly.

  (3) Different messages have different hash values (even a 1-bit difference changes the hash value). The property that collisions are difficult to find is called collision resistance, and every one-way hash function used in cryptography has it. That is, it is difficult to find two messages with the same hash value.

  (4) It is one-way, meaning that the message cannot be computed backward from the hash value. Like a broken mirror, it cannot be put back together.

 

  Practical applications of one-way hash functions

  1, Detecting whether software has been tampered with

  2, Password-based encryption

    A one-way hash function is also used for password-based encryption (Password Based Encryption, PBE). PBE works by mixing the password with a salt (a random value generated by a pseudo-random number generator), computing the hash value of the mixture, and then using this hash value as the encryption key.

  3, Message authentication code

    A message authentication code is the hash value computed over "a secret shared between the sender and receiver" mixed with "the message". A message authentication code can detect and prevent errors, tampering and masquerading during communication.

  4, Digital signature

    The digital signature process is time-consuming, so a digital signature is generally not applied directly to the entire message. Instead, the hash value of the message is first computed with a one-way hash function, and the digital signature is then applied to the hash value.

  5, One-time password

    One-time passwords are often used by a server to verify the legitimacy of a client. In this scheme, a one-way hash function ensures that each password is transmitted over the communication link only once, so even if an eavesdropper steals the password, it cannot be used.
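One classic way to build such a one-time password, shown as an added example that is not from the original page: a Lamport-style hash chain. The page does not name a scheme, so the construction and the names `Server`, `Client`, `chain` and the seed value are assumptions made for illustration.

```python
import hashlib
import hmac


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def chain(seed: bytes, n: int) -> bytes:
    """Apply the hash n times: h^n(seed)."""
    for _ in range(n):
        seed = h(seed)
    return seed


class Server:
    """Keeps only the last accepted value; it never learns the seed."""
    def __init__(self, anchor: bytes):
        self.expected = anchor            # h^n(seed), registered at enrolment

    def login(self, otp: bytes) -> bool:
        if hmac.compare_digest(h(otp), self.expected):
            self.expected = otp           # step one link down the chain
            return True
        return False


class Client:
    def __init__(self, seed: bytes, n: int):
        self.seed, self.remaining = seed, n

    def next_otp(self) -> bytes:
        if self.remaining <= 1:           # never transmit the seed itself
            raise RuntimeError("chain exhausted; enrol again with a new seed")
        self.remaining -= 1
        return chain(self.seed, self.remaining)


def demo() -> list:
    seed = b"constructed-demo-seed"       # constructed sample value
    client, server = Client(seed, 3), Server(chain(seed, 3))
    captured = client.next_otp()          # what an eavesdropper would see
    return [
        server.login(captured),           # first use is accepted
        server.login(captured),           # replay of the same value is rejected
        server.login(client.next_otp()),  # the next link is accepted
    ]
```

Because the hash is one-way, a captured value does not reveal the next password, which is the preimage one link further down the chain.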

 

  Common one-way hash functions

  SHA-2 and SHA-3 are recommended.

  1, MD4, MD5 (MD is short for Message Digest)

  MD4 produces a 128-bit hash value and is no longer secure.

  MD5 produces a 128-bit hash value, but its strong collision resistance has been broken: it is now possible to produce two different messages with the same hash value, so it is no longer secure.

  2, SHA-1, SHA-256, SHA-384, SHA-512

  SHA-1: a one-way hash function that produces a 160-bit hash value. Its strong collision resistance was broken in 2005, and it is no longer recommended.

  SHA-256, SHA-384, SHA-512: their hash values are 256 bits, 384 bits and 512 bits long respectively. These one-way hash functions are collectively referred to as SHA-2. They have an upper limit on message length (for SHA-256 the limit is close to 2^64 bits; for SHA-384 and SHA-512 it is close to 2^128 bits).

  3, RIPEMD-160

  A one-way hash function that produces a 160-bit hash value. Its strong collision resistance was broken in 2004, and it is not recommended except for compatibility purposes. Bitcoin uses RIPEMD-160.

  4, SHA-3

  In 2012 the Keccak algorithm was selected as the SHA-3 standard.

  It uses a structure completely different from SHA-2. The structure is clear and easy to analyze, it can be applied to a wide range of devices including embedded applications, it performs well when implemented in hardware, and it has a greater security margin than the other final candidates.

  Keccak

  Keccak can generate hash values of any length, but to match the hash lengths of SHA-2, the SHA-3 standard specifies four versions: SHA3-224, SHA3-256, SHA3-384 and SHA3-512. There is no limit on the maximum length of the input.

 

  Problems that one-way hash functions cannot solve

  A one-way hash function can be used to check integrity (also called consistency), but in some cases being able to check integrity is meaningless. For example, suppose an attacker masquerading as the sender sends a message and its hash value to the recipient. The recipient can use the one-way hash function to check the integrity of the message, but cannot check whether the sender is an impostor. In other words, a one-way hash function can detect "tampering" but cannot detect "masquerading".

  Therefore, confirming message integrity alone is not enough; authentication is also needed. The techniques used for authentication include message authentication codes and digital signatures.

 

  Second, the message authentication code (Message Authentication Code)

  A message authentication code can be used to determine whether a message has been tampered with and whether someone is masquerading as the sender.

  Take a remittance request as an example: we need to pay attention to two properties, integrity and authentication. Integrity means being able to confirm that the contents of the remittance request, such as the receiving account and the amount, have not been tampered with. Authentication means being able to confirm who sent the message, and that it does not come from an attacker in disguise.

  A message authentication code is a technique for verifying integrity and performing authentication. Taking the first letter of each of the three words, it is abbreviated as MAC.

  The inputs to a message authentication code are a message of arbitrary length and a key shared between the sender and the receiver. The output is fixed-length data, called the MAC value.

  Producing fixed-length output from a message of arbitrary length is similar to a one-way hash function. However, a one-way hash function needs no key to compute a hash value, whereas a message authentication code requires a key shared between the sender and the receiver.

  A message authentication code can be understood as a one-way hash function that is associated with a key.

  The key distribution problem of message authentication codes

    A message authentication code requires a key shared between the sender and the receiver, which is similar to symmetric cryptography. It therefore has the same key distribution problem as symmetric ciphers, and the problem is solved in the same ways: public-key cryptography, Diffie-Hellman key exchange, a key distribution center, or some other secure way of sending the key.

  Application examples of message authentication codes

    1、SWIFT

      SWIFT stands for Society for Worldwide Interbank Financial Telecommunication. Its aim is to safeguard transactions between international banks. Banks pass transaction messages to each other through SWIFT, and SWIFT uses message authentication codes to confirm the integrity of the messages and to authenticate them.

    2、IPsec

      IPsec is a way of adding security to IP, the basic communication protocol of the Internet. In IPsec, authentication and integrity checking of the communication contents are done with message authentication codes.

    3、SSL/TLS

      A secure communication protocol. Authentication and integrity checking of the communication contents also use message authentication codes.

  Implementations of message authentication codes

    (1) A message authentication code can be implemented with a one-way hash function such as SHA-2. One such implementation method is called HMAC.

    (2) A message authentication code can also be implemented with a block cipher such as AES. The block cipher key is used as the shared key of the message authentication code, the whole message is encrypted in CBC mode with a fixed initialization vector (IV), and the last ciphertext block is used as the MAC value. AES-CMAC (RFC 4493) is a message authentication code built on AES.
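The HMAC construction from (1), written out as an added example that is not from the original page. It follows RFC 2104 on top of SHA-256 and also shows the earlier point that a plain hash accepts a message forged by an impostor while a MAC does not. The key, the messages and the function names are constructed for the demonstration.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # SHA-256 processes input in 64-byte blocks


def hmac_sha256(key: bytes, message: bytes) -> bytes:
    """HMAC as defined in RFC 2104, built directly on SHA-256."""
    if len(key) > BLOCK_SIZE:              # keys longer than a block are hashed first
        key = hashlib.sha256(key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")   # then zero-padded to exactly one block
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha256(ipad + message).digest()
    return hashlib.sha256(opad + inner).digest()


def verify_hash(message: bytes, digest: bytes) -> bool:
    """Integrity only: anyone can recompute a plain hash."""
    return hmac.compare_digest(hashlib.sha256(message).digest(), digest)


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    """Integrity and authentication: a valid tag requires the shared key."""
    return hmac.compare_digest(hmac_sha256(key, message), tag)


def demo() -> dict:
    shared_key = b"constructed-demo-key"       # constructed sample value
    genuine = b"transfer 100 to account A"     # constructed sample message
    forged = b"transfer 9000 to account M"     # written by someone without the key
    tag = hmac_sha256(shared_key, genuine)
    # Without the shared key the impostor can only compute a tag under some other key.
    forged_tag = hmac_sha256(b"some-other-key", forged)
    return {
        "matches_stdlib": tag == hmac.new(shared_key, genuine, hashlib.sha256).digest(),
        "hash_accepts_forgery": verify_hash(forged, hashlib.sha256(forged).digest()),
        "mac_accepts_genuine": verify_mac(shared_key, genuine, tag),
        "mac_accepts_tampered": verify_mac(shared_key, forged, tag),
        "mac_accepts_forgery": verify_mac(shared_key, forged, forged_tag),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

In real code, use the standard library's `hmac` module rather than a hand-written construction; the comparison uses `hmac.compare_digest` so that verification time does not depend on how many bytes of the tag match.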

  Problems that message authentication codes cannot solve

    1, Proof to a third party

    Suppose that, after receiving a message from Alice, Bob wants to prove to a third-party verifier, Victor, that the message was indeed sent by Alice. A message authentication code cannot provide this proof. First, to check the MAC value, Victor would need to know the key shared between Alice and Bob. Only Alice and Bob can compute the correct MAC value. When the two of them communicate, each can conclude that the MAC value was computed by the other, because the key is shared only between the two parties and one of them is oneself. To the third party Victor, however, neither Alice nor Bob can prove that the MAC value was computed by the other party rather than by themselves.

    2, Preventing repudiation

    Suppose Bob receives a message containing a MAC value, and this MAC value was computed with the key shared by Alice and Bob, so Bob can determine that the message came from Alice. But as described above, Bob cannot prove this to Victor. That is, the sender Alice can claim to Victor: "I never sent this message to Bob." Such an act is called repudiation.

 

  Third, the digital signature

   Message authentication codes cannot prevent repudiation.


Origin www.cnblogs.com/yangyongjie/p/11728135.html