Hash Function and Digital Signature

Hash function is very widely used because these are used for to provide Integrity.

A hash function takes a message of variable length and produces a fixed-length hash value. Hash values, also referred to as message digests, are calculated using the original message. If the receiver calculates a hash value that is the same, then the original message is intact. If the receiver calculates a hash value that is different, then the original message has been altered.

Even changing a comma in a 100 page document will produce an entirely new hash.

Hash Functions
Hash Functions

There is one more Hashing algorithm i.e. RIPEMD-160 – Although several variations of the RIPEMD hash function exist. RIPEMD160 produces a 160-bit hash value after performing 160 rounds of computations on 512-bit blocks. It is secure and collision free hash function.

So why do we need HMAC? – If an attacker intercepts a message that contains a hash value, the attacker can alter the original message to create a second invalid message with a new hash value. If the attacker then sends the second invalid message to the intended recipient, the intended recipient will have no way of knowing that he received an incorrect message. When the receiver performs a hash value calculation, the invalid message will look valid because the invalid message was appended with the attacker’s new hash value, not the original message’s hash value. To prevent this from occurring, the sender should use message authentication code (MAC).

QUIZ TIME * – Practicing questions along with Concepts is Best way to Maintain Interest in Study. Hence, Please take some time for a small Quiz on Hash Functions? – Please click on below image for quiz to start.

Digital Signature

I am sure you must be thinking “What is the purpose of having Digital Signature?” – How do you verify if the message was truly received from the claimed sender? – Well, the answer is “Digital Signatures”

Digitally signed messages assure the recipient that the message truly came from the claimed sender. They enforce non-repudiation & assure the recipient that the message was not altered while in transit between the sender and recipient.

Digital Signature
Digital Signature

QUIZ TIME * – Practicing questions along with Concepts is Best way to Maintain Interest in Study. Hence, Please take some time for a small Quiz on Digital Signature? – Please click on below image for quiz to start.

*  The questions in these practice tests are listed to help you study information and concepts that are likely to be tested on CISSP certification and do not represent questions from any actual test. Your score on these practice tests is not meant to and will not correlate to any particular score on any test. 

Hashing Transcript

  1. Message Digest
    • By comparing message digest – Changes in messages cannot be calculated
    • Used in Digital Signature
    • 128 bit or larger
    • longer the message digest – most reliable on Integrity
  2. Property of hash functions
    1. Input any length
    2. Output must be fixed length
    3. Easy to compute for any kind of input
    4. Must be a one-way function
    5. Collision free – two messages must not produce same hash value
  3. SHA
    • Promoted by NiST
    • SHA-1
      • Input any length
      • 160-bit message digest
      • Process message in 512-bits block
    • SHA-2
      • SHA-256 – 256-bit message digest using a 512-bit block size. SHA-224 uses a truncated version of the SHA-256 hash – 224-bit message digest using a 512-bit block size. SHA-512 – 512-bit message digest using a 1,024-bit block size. SHA-384 uses a truncated version of the SHA-512 hash – 384-bit message digest using a 1,024-bit block size.
      • Never Broken
  4. MD2
    • Developed for 8 bit processor
    • Length must be multiple of 16-byte & compute 16 byte checksum -> append to message -> 128 bit message digest
    • Not a One-way
  5. MD4
    • Developed for 32 bit processor
    • first pads the message to ensure that the message length is 64 bits smaller than a multiple of 512 bits
    • Next processes 512-bit blocks of the message in three rounds of computation. The final output is a 128-bit message digest.
    • Not secure – Collision are found
    • Faster than MD2
  6. MD5
    • MD5 has the same padding requirements as MD4.
    • Not secure – Collision are found
      • must not be used for SSL and Digital Signature
    • Commercial usage, many software vendors
  7. HAVAL
    • Hash of Variable Length is a modification of MD5. It uses 1,024-bit blocks and produces hash values of 128, 160, 192, 224, and 256 bits.
    • Collision issues have been discovered if producing a 128-bit hash value with three rounds of computations.
  8. HMAC – Hash MAC (Message Authentication code)
    • Provides data integrity and authentication
    • HMAC Strength dependent upon the strength of the hash function, including the hash value size, and the key size.
    • Can reduce collision rate of a hash function
    • The sender joins the symmetric key to the message.
    • CBC-MAC
      • Cipher Block Chaining MAC
    • CMAC
      • Cipher-Based MAC
      • Better than CBC-MAC
      • Addresses security issue with CBC-MAC
      • Approved to work with AES & 3DES
    • Keyed MAC
      • Encrypting the hash function with a symmetric key algorithm
  9. Salting
    • To protect password from being stolen against Lookup tables and rainbow tables

Digital Signature Transcript

  1. No Confidentiality by default.
  2. Provides “non-repudiation, and integrity”
  3. Does not provide privacy/encryption of “Plaintext”
  4. Uses Hash Function in its process – A hash value encrypted with the sender’s private key
  5. Digital Signature Standard
    • Hashing must use SHA-2
    • Approved encryption
      1. DSA (Digital security algorithm)
        1. Slower than RSA
        2. Only provide Digital Signature
      2. RSA
      3. ECDSA

7 thoughts on “Hash Function and Digital Signature

  1. Hi Waheed, Unfortunately not :(. But definitely you can refer to all my post. I kept of updating most of them if i come across new concept. Very soon I will be consolidating the practice questions on topic basis.


  2. Pingback: Domain 3: Security Architecture and Engineering – mrcissp

    • Sorry for being late in responding. Actually, HMAC, CBC-MAC, CMAC and Keyed MAC are different MAC technique. Ideally heading should be MAC and their respective category. Thank you for highlighting. I will rectify the post in few hours.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.