cs380 final - sha1v2

8/2/2019 Cs380 Final - Sha1v2

1/22

SHA1 ENCRYPTION ALGORITHM

Shelley Kandola, CS380 Final Project, Spring 2012

8/2/2019 Cs380 Final - Sha1v2

2/22

Background

8/2/2019 Cs380 Final - Sha1v2

3/22

Vocabulary

Map a data structure that associates keyswith values

Hash Function a map that sends a key to thevalue generated by the key

Collision when two keys map to the samevalue

8/2/2019 Cs380 Final - Sha1v2

4/22

One-Way Hash Functions

1. The hash is computable forany given input

2. A message cannot be

generated given a certainhash

3. A message cannot bechanged without changingthe hash

4. It is difficult to find twomessages with the samehash

Yellowpaint

Bluepaint

Colorscant beunmixed

8/2/2019 Cs380 Final - Sha1v2

5/22

History

SHA-1 Secure Hash Algorithm 1

One-way Hash Function

NSA, 1995

Replaced SHA-0 fordefinite chance ofcollisions

Replaced by SHA-2 forhigh collision probability

Retired from governmentuse

1993

SHA-0 Introduced

Certain collisions found

1995 SHA-1 Introduced Theoretical Collisions found

2001

SHA-2 Introduced

No known collisions

8/2/2019 Cs380 Final - Sha1v2

6/22

Why SHA1?

CS332: Web Programming

Myslu/~sbkand09/SLURoomReview

REU: Trustable Computing Systems andEfficient Implementations of CryptographicAlgorithms

Conference: IEEE Hardware Oriented Security

& Trust Symposium, San Francisco

8/2/2019 Cs380 Final - Sha1v2

7/22

What is it?

8/2/2019 Cs380 Final - Sha1v2

8/22

SHA-1 as an Algorithm

Successes Failures

Maps variable-length input

to fixed-length output No function to unencrypt

output

Avalanche Effect

80 iterations Documents are

compressed

No need for key

Far more possible inputs

than outputs Collisions can lead to data

corruption

Legal disputes over meaningof encrypted documents

SHA1 password databases Dont use dictionary words!

File preparation notcomplicated enough

8/2/2019 Cs380 Final - Sha1v2

9/22

Why are collisions so

frequent?Input Output

Length: 264 bits 160 bits (~27)

Possibilities: 2(2^64) = ??? 2160 = 1 quindecillion

Which is 5,553,023,288,523,357,133 digits long 49 digits long

Whose length is 19 digits 2 digits

there are approximately 144 quadrillion

times more inputs than outputs.The birthday problem says theres a~50% chance of a collision occurring

in a collection of280 messages.

8/2/2019 Cs380 Final - Sha1v2

10/22

Uses

File ChecksumIntegrity Verifier(Windows)

Pseudorandom stringgeneration

Password encryption

SHA1 Checksum/

Random hex string/

Encrypted password

Passwords

Seeds

Programs

8/2/2019 Cs380 Final - Sha1v2

11/22

Example: Hello world!

The Algorithm

8/2/2019 Cs380 Final - Sha1v2

12/22

Overview

8/2/2019 Cs380 Final - Sha1v2

13/22

Functions and Constants

Functions

f(t; B, C, D)= (B and C) or ((not B) and D) 00

8/2/2019 Cs380 Final - Sha1v2

14/22

Initial H-Buffer Values

H0 = 67452301

H1 = EFCDAB89

H2 = 98BADCFE H3 = 10325476

H4 = C3D2E1F0

8/2/2019 Cs380 Final - Sha1v2

15/22

Padding Hello World

Hex

4865 6c6c 6f20 776f 726c 6421

24*16 = 384 bits

Pad with 1 and 0s

4865 6c6c 6f20 776f 726c 6421 1000 0000

Adding the original length

4865 6c6c 6f20 776f 726c 6421 1000 0018

512 bits ready for processing!

4865 6c6c 6f20 776f 726c 6421 1000 0018

8/2/2019 Cs380 Final - Sha1v2

16/22

Splitting Hello World!

4865 6c6c 6f20 776f 726c 6421 1000 0018

W[0] = 48, W[1] = 65, , W[14] = 00, W[15] =18

For t=16:

W[16] =

(W[t-3] xor W[t-8] xor W[t-14] xor W[t-16])

8/2/2019 Cs380 Final - Sha1v2

17/22

Setting up the temp Buffer

Since this is the first iteration, for both thegeneral and Hello world! case, we will have:

A = 67452301 B = EFCDAB89

C = 98BADCFE

D = 10325476 E = C3D2E1F0

8/2/2019 Cs380 Final - Sha1v2

18/22

Applying the Algorithm

For t=0:

temp =

A

8/2/2019 Cs380 Final - Sha1v2

19/22

Setting the Final Values

General Hello world!

H0 = H0 + A

H1 = H1 + B H2 = H2 + C

H3 = H3 + D

H4 = H4 + E

H0 = D3486ae9

H1 = 136e7856 H2 = Bc422123

H3 = 85ea7970

H4 = 94475802

Sha1(Hello world!) =D3486AE9136E7856BC42212385EA797094475802

8/2/2019 Cs380 Final - Sha1v2

20/22

Password Hacking

SHA1-Encrypted Passwords Password

d0be 2dc4 21be 4fcd 0172e5af ceea 3970 e2f3 d940

5baa 61e4 c9b9 3f3f 0682

250b 6cf8 331b 7ee6 8fd8

apple

d0be 2dc4 21be 4fcd 0172e5af ceea 3970 e2f3 d940

password

5baa 61e4 c9b9 3f3f 0682250b 6cf8 331b 7ee6 8fd8

8/2/2019 Cs380 Final - Sha1v2

21/22

Algorithm at a Glance

Divide string M(i) into 16 words: W(0) W(15)

For t=16 to t=79

W(t) =

(W(t-3) xor W(t-8) xor W(t-14) xor W(t-16))

8/2/2019 Cs380 Final - Sha1v2

22/22

Questions?

Thank you!