NoteVerse

SHA MD5 HMAC

Comprehensive study notes, diagrams, and exam preparation for SHA MD5 HMAC.

SHA MD5 HMAC

Definition

SHA (Secure Hash Algorithm) and MD5 (Message-Digest Algorithm 5) are cryptographic hash functions used to ensure data integrity by creating a unique "fingerprint" of digital data. HMAC (Hash-based Message Authentication Code) is a specific mechanism that combines a cryptographic hash function with a secret key to provide both data integrity and data origin authentication.

Main Content

1. MD5 (Message-Digest Algorithm 5)

  • MD5 produces a 128-bit hash value, typically expressed as a 32-character hexadecimal number.
  • While fast and widely used in the past for file checksums, it is now considered cryptographically broken due to vulnerability to collision attacks, where two different inputs produce the same output.

2. SHA (Secure Hash Algorithm)

  • SHA is a family of cryptographic functions designed by the NSA. SHA-256 (part of SHA-2) is the current industry standard.
  • Unlike MD5, SHA functions are designed to be collision-resistant, making them suitable for digital signatures, SSL/TLS certificates, and secure password storage.

3. HMAC (Hash-based Message Authentication Code)

  • HMAC provides a way to verify both the data integrity and the authenticity of a message by using a shared secret key.
  • It prevents "man-in-the-middle" attacks where an attacker might modify a message and recalculate its hash; without the secret key, the attacker cannot forge a valid HMAC.

Working / Process

1. The Hashing Process (MD5/SHA)

  • Input data of any length is passed through the algorithm.
  • The algorithm breaks the data into fixed-size blocks and applies mathematical transformations.
  • A fixed-length bit string (the hash) is generated as the final output.
Input Data  -----> [ Hash Function ] -----> Fixed-Length Digest
(e.g., "Hello")      (SHA-256)            (e.g., "2cf24d...")

2. The HMAC Construction

  • The HMAC process involves two passes of hashing with a secret key and internal padding.
  • The message is combined with the secret key, and the resulting string is hashed to produce the final authentication tag.
Key + Message ----> [ Hash Function ] ----> HMAC Output

3. Verification Process

  • The receiver takes the received message and their copy of the secret key.
  • They perform the HMAC calculation locally.
  • If the calculated HMAC matches the HMAC sent with the message, the data is verified as authentic and unaltered.

Advantages / Applications

  • Data Integrity: Ensures that a file or message has not been altered during transit (commonly used in software downloads to check file signatures).
  • Authentication: HMAC allows two parties to confirm that the sender possesses the secret key, verifying the identity of the source.
  • Password Storage: Systems store the hash of a password rather than the actual text, protecting user credentials if the database is leaked.

Summary

SHA, MD5, and HMAC are fundamental tools in cybersecurity used to verify that data remains unchanged and comes from a trusted source. While MD5 is largely deprecated for security, SHA-256 remains a robust standard, and HMAC acts as a secure wrapper using secret keys to provide authentication alongside integrity.

Important terms to remember:

  • Hash Function: A one-way mathematical function.
  • Collision: When two different inputs produce the same hash output.
  • Secret Key: A piece of information used in HMAC to prove authenticity.
  • Digest: The resulting fixed-length string produced by a hash function.
← Prev: MAC Hash function
Next: Digital signature and authentication protocols →