cs380 final - sha1v2
TRANSCRIPT
-
8/2/2019 Cs380 Final - Sha1v2
1/22
SHA1 ENCRYPTION ALGORITHM
Shelley Kandola, CS380 Final Project, Spring 2012
-
8/2/2019 Cs380 Final - Sha1v2
2/22
Background
-
8/2/2019 Cs380 Final - Sha1v2
3/22
Vocabulary
Map a data structure that associates keyswith values
Hash Function a map that sends a key to thevalue generated by the key
Collision when two keys map to the samevalue
-
8/2/2019 Cs380 Final - Sha1v2
4/22
One-Way Hash Functions
1. The hash is computable forany given input
2. A message cannot be
generated given a certainhash
3. A message cannot bechanged without changingthe hash
4. It is difficult to find twomessages with the samehash
Yellowpaint
Bluepaint
Colorscant beunmixed
-
8/2/2019 Cs380 Final - Sha1v2
5/22
History
SHA-1 Secure Hash Algorithm 1
One-way Hash Function
NSA, 1995
Replaced SHA-0 fordefinite chance ofcollisions
Replaced by SHA-2 forhigh collision probability
Retired from governmentuse
1993
SHA-0 Introduced
Certain collisions found
1995 SHA-1 Introduced Theoretical Collisions found
2001
SHA-2 Introduced
No known collisions
-
8/2/2019 Cs380 Final - Sha1v2
6/22
Why SHA1?
CS332: Web Programming
Myslu/~sbkand09/SLURoomReview
REU: Trustable Computing Systems andEfficient Implementations of CryptographicAlgorithms
Conference: IEEE Hardware Oriented Security
& Trust Symposium, San Francisco
-
8/2/2019 Cs380 Final - Sha1v2
7/22
What is it?
-
8/2/2019 Cs380 Final - Sha1v2
8/22
SHA-1 as an Algorithm
Successes Failures
Maps variable-length input
to fixed-length output No function to unencrypt
output
Avalanche Effect
80 iterations Documents are
compressed
No need for key
Far more possible inputs
than outputs Collisions can lead to data
corruption
Legal disputes over meaningof encrypted documents
SHA1 password databases Dont use dictionary words!
File preparation notcomplicated enough
-
8/2/2019 Cs380 Final - Sha1v2
9/22
Why are collisions so
frequent?Input Output
Length: 264 bits 160 bits (~27)
Possibilities: 2(2^64) = ??? 2160 = 1 quindecillion
Which is 5,553,023,288,523,357,133 digits long 49 digits long
Whose length is 19 digits 2 digits
there are approximately 144 quadrillion
times more inputs than outputs.The birthday problem says theres a~50% chance of a collision occurring
in a collection of280 messages.
-
8/2/2019 Cs380 Final - Sha1v2
10/22
Uses
File ChecksumIntegrity Verifier(Windows)
Pseudorandom stringgeneration
Password encryption
SHA1 Checksum/
Random hex string/
Encrypted password
Passwords
Seeds
Programs
-
8/2/2019 Cs380 Final - Sha1v2
11/22
Example: Hello world!
The Algorithm
-
8/2/2019 Cs380 Final - Sha1v2
12/22
Overview
-
8/2/2019 Cs380 Final - Sha1v2
13/22
Functions and Constants
Functions
f(t; B, C, D)= (B and C) or ((not B) and D) 00
-
8/2/2019 Cs380 Final - Sha1v2
14/22
Initial H-Buffer Values
H0 = 67452301
H1 = EFCDAB89
H2 = 98BADCFE H3 = 10325476
H4 = C3D2E1F0
-
8/2/2019 Cs380 Final - Sha1v2
15/22
Padding Hello World
Hex
4865 6c6c 6f20 776f 726c 6421
24*16 = 384 bits
Pad with 1 and 0s
4865 6c6c 6f20 776f 726c 6421 1000 0000
Adding the original length
4865 6c6c 6f20 776f 726c 6421 1000 0018
512 bits ready for processing!
4865 6c6c 6f20 776f 726c 6421 1000 0018
-
8/2/2019 Cs380 Final - Sha1v2
16/22
Splitting Hello World!
4865 6c6c 6f20 776f 726c 6421 1000 0018
W[0] = 48, W[1] = 65, , W[14] = 00, W[15] =18
For t=16:
W[16] =
(W[t-3] xor W[t-8] xor W[t-14] xor W[t-16])
-
8/2/2019 Cs380 Final - Sha1v2
17/22
Setting up the temp Buffer
Since this is the first iteration, for both thegeneral and Hello world! case, we will have:
A = 67452301 B = EFCDAB89
C = 98BADCFE
D = 10325476 E = C3D2E1F0
-
8/2/2019 Cs380 Final - Sha1v2
18/22
Applying the Algorithm
For t=0:
temp =
A
-
8/2/2019 Cs380 Final - Sha1v2
19/22
Setting the Final Values
General Hello world!
H0 = H0 + A
H1 = H1 + B H2 = H2 + C
H3 = H3 + D
H4 = H4 + E
H0 = D3486ae9
H1 = 136e7856 H2 = Bc422123
H3 = 85ea7970
H4 = 94475802
Sha1(Hello world!) =D3486AE9136E7856BC42212385EA797094475802
-
8/2/2019 Cs380 Final - Sha1v2
20/22
Password Hacking
SHA1-Encrypted Passwords Password
d0be 2dc4 21be 4fcd 0172e5af ceea 3970 e2f3 d940
5baa 61e4 c9b9 3f3f 0682
250b 6cf8 331b 7ee6 8fd8
apple
d0be 2dc4 21be 4fcd 0172e5af ceea 3970 e2f3 d940
password
5baa 61e4 c9b9 3f3f 0682250b 6cf8 331b 7ee6 8fd8
-
8/2/2019 Cs380 Final - Sha1v2
21/22
Algorithm at a Glance
Divide string M(i) into 16 words: W(0) W(15)
For t=16 to t=79
W(t) =
(W(t-3) xor W(t-8) xor W(t-14) xor W(t-16))
-
8/2/2019 Cs380 Final - Sha1v2
22/22
Questions?
Thank you!