Cryptography Fundamentals and Hashing Algorithms
Cryptography is a method of keeping information secret and safe by converting it into a form that unintended recipients cannot understand.
Cryptography’s purpose is to provide integrity, confidentiality, authentication and non-repudiation.
To make this easy to remember, I came up with the mnemonic ICAN.
ICAN Keep Information Secret and Safe
Integrity ensures that data has not been modified, tampered with, or corrupted — whether maliciously or accidentally. This is possible through the use of hashing algorithms.
Confidentiality ensures that data is only viewable by authorized users and not unintended people. This is possible with encryption and decryption.
Authentication validates an identity. This is possible with digital signatures, digital certificates, or a Public Key Infrastructure (PKI).
Non-repudiation prevents a party from denying an action, such as the case when they deny they sent a message that was indeed from them. This is possible through digital signatures, digital certificates, or a Public Key Infrastructure (PKI) as well.
Note: ICAN is not a legitimate acronym for integrity, confidentiality, authentication, and non-repudiation. Additionally, cryptography does not follow the CIA Triad, so do not get confused! The “A” in cryptography stands for authentication. In the CIA Triad, the “A” stands for availability.
Hashing
Hashing verifies integrity of data by using a hash. A hash is a number created with a hashing algorithm e.g., MD5, SHA-1, SHA-2, HMAC-MD5 etc.
A hash is designed to create a unique digital fingerprint of the data.
An example of a hash looks like this:
A hash is also known as a checksum when you use it to check data for errors. If you know the checksum of an original file, you can use a checksum utility to confirm your copy is identical.
Here is an example of two checksums being compared between two files: horse.bmp and horse2.bmp. They both match which confirms that the copy is indeed identical!
Again, the purpose of hashing or checksums is to verify the integrity of data.
How can you compare checksums?
To produce a checksum, you can run a program that puts that file through a hashing algorithm. You can learn how to do this by clicking here.
Let’s go deeper and talk about hashing algorithms now!
Hashing Algorithms
A hash algorithm is a function that converts a data string into a numeric string output of fixed length.
The top two popular hashing algorithms used to verify integrity are MD5 and SHA.
A list of commonly known hashing algorithms today are:
- Secure Hash Algorithm (SHA)
- Message Digest (MD)
- RIPE Message Direct (RIPEMD)
- Hash-based Message Authentication Code (HMAC)
Secure Hash Algorithm (SHA)
SHA was designed by the National Security Agency (NSA) except for SHA-3 (formerly known as Keccak) which was developed by designers outside of the NSA after they won a public competition in 2012.
SHA is grouped into four families: SHA-0, SHA-1, SHA-2, and SHA-3.
SHA-0 is never used and SHA-1 creates 160-bit hashes.
SHA-2 has four versions:
1) SHA-224 → creates 224-bit hashes
2) SHA-256 → creates 256-bit hashes
3) SHA-384 → creates 384-bit hashes
4) SHA-512 → creates 512-bit hashes.
SHA-3 → creates hashes of the same size of each of all four versions of the SHA-2 family (224/256/384/512-bit hashes).
Message Direct (MD)
MD was designed by the cryptographer and MIT professor Ronald Rivest in the early 90’s. Ronald Rivest is the same man who co-developed the RSA encryption algorithm along with Adi Shamir and Leonard Adleman in 1977.
MD hash three versions: MD2, MD4, and MD5
The most commonly used version is MD5 for verifying the integrity of a hash or checksum and it produces a 128-bit hash. However, security experts discourage using it for any other reason due to significant vulnerabilities found in it since 2004.
MD4, its predecessor, creates a 128-bit hash as well. It has influenced the design of MD5, SHA-1, and RIPEMD algorithms.
MD2 creates a 128-bit hash as the earlier 8-bit version of MD5 and is considered insecure since 2014. It only remains in use for certificates generated with MD2 and RSA.
RIPE Message Direct (RIPEMD)
RACE Integrity Primitives Evaluation Message Digest or RIPEMD for short, is another hashing algorithm used for verifying the integrity of data. It isn’t widely used as much as MD5, SHA, and HMAC. RIPEMD creates 160-bit hashes. Other versions of it create 128-bit, 265-bit, and 320-bit hashes irrespectively.
Hash-based Message Authentication Code (HMAC)
HMAC is another popular method used to verify integrity of data… but it ALSO provides authentication simultaneously. This hashing algorithm is unique since it is applied to a message to make a message authentication code (MAC).
HMAC is different from the other hashing algorithms, because it also uses a shared secret key to randomize the result of a hash. Only the sender and receiver will know the secret key.
Internet Protocol security (IPsec) and Transport Layer Security (TLS) protocols use a version of HMAC such as HMAC-MD5 and HMAC-SHA1.
Summary
Hashing algorithms play an important role in cryptography since their functions serve the purpose of ensuring the integrity of data and sometimes providing authentication simultaneously, such as the case of HMAC. Becoming familiarized with these hashing algorithms will assist you in understanding the purpose that cryptography serves, and why they are useful in our digital age.
