- List Of Cryptographic Hash Functions
- Cryptographic Functions
- Non Cryptographic Hash
- Non Cryptographic Hash Function
- Comparison Of Cryptographic Hash Functions
- Cryptographic Hash Definition
- Cryptographic Hash Function Pdf
The script content on this page is for navigation purposes only and does not alter the content in any way.
DBMS_CRYPTO
provides an interface to encrypt and decrypt stored data, and can be used in conjunction with PL/SQL programs running network communications. It provides support for several industry-standard encryption and hashing algorithms, including the Advanced Encryption Standard (AES) encryption algorithm. AES has been approved by the National Institute of Standards and Technology (NIST) to replace the Data Encryption Standard (DES).The results MAC code is a message hash mixed with a secret key. It has the cryptographic properties of hashes: irreversible, collision resistant, etc. The hashfunc can be any cryptographic hash function like SHA-256, SHA-512, RIPEMD-160, SHA3-256 or BLAKE2s. HMAC is used for message authenticity, message integrity and sometimes for key derivation. The Eristic Cryptographic Toolkit based on the CRC (Chaotic Random Core). Version 4 is under development and includes: general purpose P-RNG, hash function, cipher, shuffle cipher, with key exchange and authentication on the way. Still in a very Alpha state at the moment.
Oracle Database Security Guide for further information about using this package and about encrypting data in general.This chapter contains the following topics:
- Overview
- Security Model
- Types
- Algorithms
- Restrictions
- Exceptions
- Operational Notes
Using the DBMS_CRYPTO Subprograms
Overview
DBMS_CRYPTO
contains basic cryptographic functions and procedures. To use this package correctly and securely, a general level of security expertise is assumed.The
DBMS_CRYPTO
package enables encryption and decryption for common Oracle datatypes, including RAW
and large objects (LOB
s), such as images and sound. Specifically, it supports BLOB
s and CLOB
s. In addition, it provides Globalization Support for encrypting data across different database character sets.The following cryptographic algorithms are supported:
- Data Encryption Standard (DES), Triple DES (3DES, 2-key and 3-key)
- Advanced Encryption Standard (AES)
- MD5, MD4, and SHA-1 cryptographic hashes
- MD5 and SHA-1 Message Authentication Code (MAC)
List Of Cryptographic Hash Functions
Block cipher modifiers are also provided with
DBMS_CRYPTO
. You can choose from several padding options, including PKCS (Public Key Cryptographic Standard) #5, and from four block cipher chaining modes, including Cipher Block Chaining (CBC).Table 39-1 lists the
DBMS_CRYPTO
package features in comparison to the other PL/SQL encryption package, the DBMS_OBFUSCATION_TOOLKIT
.Table 39-1 DBMS_CRYPTO and DBMS_OBFUSCATION_TOOLKIT Feature Comparison
Package Feature | DBMS_CRYPTO | DBMS_OBFUSCATION_TOOLKIT |
---|---|---|
Cryptographic algorithms | DES, 3DES, AES, RC4, 3DES_2KEY | DES, 3DES |
Padding forms | PKCS5, zeroes | none supported |
Block cipher chaining modes | CBC, CFB, ECB, OFB Download ms office crack for mac. | CBC |
Cryptographic hash algorithms | MD5, SHA-1, MD4 | MD5 |
Keyed hash (MAC) algorithms | HMAC_MD5, HMAC_SH1 | none supported |
Cryptographic pseudo-random number generator | RAW , NUMBER , BINARY_INTEGER | RAW , VARCHAR2 |
Database types | RAW , CLOB , BLOB | RAW , VARCHAR2 |
DBMS_CRYPTO
is intended to replace the DBMS_OBFUSCATION_TOOLKIT
, providing greater ease of use and support for a range of algorithms to accommodate new and existing systems. Specifically, 3DES_2KEY
and MD4 are provided for backward compatibility. It is not recommended that you use these algorithms because they do not provide the same level of security as provided by 3DES, AES, MD5, or SHA-1.Security Model
Oracle Database installs this package in the
SYS
schema. You can then grant package access to existing users and roles as needed.Types
Parameters for the
DBMS_CRYPTO
subprograms use these datatypes:Table 39-2 DBMS_CRYPTO Datatypes
Type | Description |
---|---|
BLOB | A source or destination binary LOB |
CLOB | A source or destination character LOB (excluding NCLOB) |
PLS_INTEGER | Specifies a cryptographic algorithm type (used with BLOB, CLOB, and RAW datatypes) |
RAW | A source or destination RAW buffer |
Algorithms
The following cryptographic algorithms, modifiers, and cipher suites are predefined in this package.
Table 39-3 DBMS_CRYPTO Cryptographic Hash Functions
Name | Description |
---|---|
HASH_MD4 | Produces a 128-bit hash, or message digest of the input message |
HASH_MD5 | Also produces a 128-bit hash, but is more complex than MD4 |
HASH_SH1 | Secure Hash Algorithm (SHA). Produces a 160-bit hash. |
Table 39-4 DBMS_CRYPTO MAC (Message Authentication Code) Functions
Name | Description |
---|---|
HMAC_MD5Foot 1 | Same as MD5 hash function, except it requires a secret key to verify the hash value. |
HMAC_SH1Footref 1 | Same as SHA hash function, except it requires a secret key to verify the hash value. |
Footnote 1 Complies with IETF RFC 2104 standard
Table 39-5 DBMS_CRYPTO Encryption Algorithms
Name | Description |
---|---|
ENCRYPT_DES | Data Encryption Standard. Block cipher. Uses key length of 56 bits. |
ENCRYPT_3DES_2KEY | Data Encryption Standard. Block cipher. Operates on a block 3 times with 2 keys. Effective key length of 112 bits. |
ENCRYPT_3DES | Data Encryption Standard. Block cipher. Operates on a block 3 times. |
ENCRYPT_AES128 | Advanced Encryption Standard. Block cipher. Uses 128-bit key size. |
ENCRYPT_AES192 | Advanced Encryption Standard. Block cipher. Uses 192-bit key size. |
ENCRYPT_AES256 | Advanced Encryption Standard. Block cipher. Uses 256-bit key size. |
ENCRYPT_RC4 | Stream cipher. Uses a secret, randomly generated key unique to each session. |
Table 39-6 DBMS_CRYPTO Block Cipher Suites
Name | Description |
---|---|
DES_CBC_PKCS5 | ENCRYPT_DESFoot 1 + CHAIN_CBCFoot 2 + PAD_PKCS5Foot 3 |
DES3_CBC_PKCS5 | ENCRYPT_3DES Footref 1 + CHAIN_CBC Footref 2 + PAD_PKCS5Footref 3 |
Footnote 1 See Table 39-5, 'DBMS_CRYPTO Encryption Algorithms'
Footnote 2 See Table 39-7, 'DBMS_CRYPTO Block Cipher Chaining Modifiers'
Footnote 3 See Table 39-8, 'DBMS_CRYPTO Block Cipher Padding Modifiers'
Table 39-7 DBMS_CRYPTO Block Cipher Chaining Modifiers
Name | Description |
---|---|
CHAIN_ECB | Electronic Codebook. Encrypts each plaintext block independently. |
Viewsonic vs15562 driver. CHAIN_CBC | Cipher Block Chaining. Plaintext is XORed with the previous ciphertext block before it is encrypted. |
CHAIN_CFB | Cipher-Feedback. Enables encrypting units of data smaller than the block size. |
CHAIN_OFB | Output-Feedback. Enables running a block cipher as a synchronous stream cipher. Similar to CFB, except that n bits of the previous output block are moved into the right-most positions of the data queue waiting to be encrypted. |
Table 39-8 DBMS_CRYPTO Block Cipher Padding Modifiers
Name | Description |
---|---|
PAD_PKCS5 | Provides padding which complies with the PKCS #5: Password-Based Cryptography Standard |
PAD_NONE | Provides option to specify no padding. Caller must ensure that blocksize is correct, else the package returns an error. |
PAD_ZERO | Provides padding consisting of zeroes. |
Restrictions
The
VARCHAR2
datatype is not directly supported by DBMS_CRYPTO
. Before you can perform cryptographic operations on data of the type VARCHAR2
, you must convert it to the uniform database character set AL32UTF8, and then convert it to the RAW
datatype. After performing these conversions, you can then encrypt it with the DBMS_CRYPTO
package.See Also:
'Conversion Rules' for information about converting datatypes.Exceptions
Table 39-9 lists exceptions that have been defined for
DBMS_CRYPTO
.Table 39-9 DBMS_CRYPTO Exceptions
Exception | Code | Description |
---|---|---|
CipherSuiteInvalid | 28827 | The specified cipher suite is not defined. |
CipherSuiteNull | 28829 | No value has been specified for the cipher suite to be used. |
Download skype video messages mac. KeyNull | 28239 | The encryption key has not been specified or contains a NULL value. |
KeyBadSize | 28234 | DES keys: Specified key size is too short. DES keys must be at least 8 bytes (64 bits). AES keys: Specified key size is not supported. AES keys must be 128, 192, or 256 bits in length. |
DoubleEncryption | 28233 | Source data was previously encrypted. |
Operational Notes
When to Use Encrypt and Decrypt Procedures or Functions
This package includes both
ENCRYPT
and DECRYPT
procedures and functions. The procedures are used to encrypt or decrypt LOB
datatypes (overloaded for CLOB
and BLOB
datatypes). In contrast, the ENCRYPT
and DECRYPT
functions are used to encrypt and decrypt RAW
datatypes. Data of type VARCHAR2
must be converted to RAW
before you can use DBMS_CRYPTO
functions to encrypt it.When to Use Hash or Message Authentication Code (MAC) Functions
This package includes two different types of one-way hash functions: the
HASH
function and the MAC
function. Hash functions operate on an arbitrary-length input message, and return a fixed-length hash value. One-way hash functions work in one direction only. It is easy to compute a hash value from an input message, but it is extremely difficult to generate an input message that hashes to a particular value. Note that hash values should be at least 128 bits in length to be considered secure.You can use hash values to verify whether data has been altered. For example, before storing data, Laurel runs
DBMS_CRYPTO.HASH
against the stored data to create a hash value. When she returns the stored data at a later date, she can again run the hash function against it, using the same algorithm. If the second hash value is identical to the first one, then the data has not been altered. Hash values are similar to 'file fingerprints' and are used to ensure data integrity.The
HASH
function included with DBMS_CRYPTO
, is a one-way hash function that you can use to generate a hash value from either RAW
or LOB
data. The MAC
function is also a one-way hash function, but with the addition of a secret key. https://sersilovo.tistory.com/5. It works the same way as the DBMS_CRYPTO.HASH
function, except only someone with the key can verify the hash value.MACs can be used to authenticate files between users. They can also be used by a single user to determine if her files have been altered, perhaps by a virus. A user could compute the MAC of his files and store that value in a table. If the user did not use a MAC function, then the virus could compute the new hash value after infection and replace the table entry. A virus cannot do that with a MAC because the virus does not know the key.
About Generating and Storing Encryption Keys
The
DBMS_CRYPTO
package can generate random material for encryption keys, but it does not provide a mechanism for maintaining them. Application developers must take care to ensure that the encryption keys used with this package are securely generated and stored. Also note that the encryption and decryption operations performed by DBMS_CRYPTO
occur on the server, not on the client. Consequently, if the key is sent over the connection between the client and the server, the connection must be protected by using network encryption. Otherwise, the key is vulnerable to capture over the wire.Although
DBMS_CRYPTO
cannot generate keys on its own, it does provide tools you can use to aid in key generation. For example, you can use the RANDOMBYTES
function to generate random material for keys. (Calls to the RANDOMBYTES
function behave like calls to the DESGETKEY
and DES3GETKEY
functions of the DBMS_OBFUSCATION_TOOLKIT
package.)When generating encryption keys for DES, it is important to remember that some numbers are considered weak and semiweak keys. Keys are considered weak or semiweak when the pattern of the algorithm combines with the pattern of the initial key value to produce ciphertext that is more susceptible to cryptanalysis. To avoid this, filter out the known weak DES keys. Lists of the known weak and semiweak DES keys are available on several public Internet sites.
See Also:
- Oracle Database Advanced Security Administrator's Guide for information about configuring network encryption and SSL.
- 'Key Management' for a full discussion about securely storing encryption keys
Conversion Rules
- To convert
VARCHAR2
toRAW
, use theUTL_I18N.STRING_TO_RAW
function to perform the following steps:- Convert
VARCHAR2
in the current database character set toVARCHAR2
in the AL32UTF8 database character. - Convert
VARCHAR2
in the AL32UTF8 database character set toRAW
.
Syntax example: - To convert
RAW
toVARCHAR2
, use theUTL_I18N.RAW_TO_CHAR
function to perform the following steps:- Convert
RAW
toVARCHAR2
in the AL32UTF8 database character set. - Convert
VARCHAR2
in the AL32UTF8 database character set toVARCHAR2
in the database character set you wish to use.
Syntax example:See Also:Chapter 224, 'UTL_I18N' for information about using theUTL_I18N
PL/SQL package. - If you want to store encrypted data of the
RAW
datatype in aVARCHAR2
database column, then useRAWTOHEX
orUTL_ENCODE.BASE64_ENCODE
to make it suitable forVARCHAR2
storage. These functions expand data size by 2 and 4/3, respectively.
Examples
The following listing shows PL/SQL block encrypting and decrypting pre-defined '
input_string
' using 256-bit AES algorithm with Cipher Block Chaining and PKCS#5 compliant padding.Summary of DBMS_CRYPTO Subprograms
Table 39-10 DBMS_CRYPTO Package Subprograms
Subprogram | Description |
---|---|
Decrypts RAW data using a stream or block cipher with a user supplied key and optional IV (initialization vector) | |
Decrypts LOB data using a stream or block cipher with a user supplied key and optional IV | |
Encrypts RAW data using a stream or block cipher with a user supplied key and optional IV | |
Encrypts LOB data using a stream or block cipher with a user supplied key and optional IV | |
Applies one of the supported cryptographic hash algorithms (MD4, MD5, or SHA-1) to data | |
Applies Message Authentication Code algorithms (MD5 or SHA-1) to data to provide keyed message protection | |
Returns a RAW value containing a cryptographically secure pseudo-random sequence of bytes, and can be used to generate random material for encryption keys | |
Returns a random BINARY_INTEGER | |
Returns a random 128-bit integer of the NUMBER datatype |
DECRYPT Function
This function decrypts
RAW
data using a stream or block cipher with a user supplied key and optional IV (initialization vector).Syntax
Pragmas
Parameters
Table 39-11 DECRYPT Function Parameters
Parameter Name | Description |
---|---|
src | RAW data to be decrypted. |
typ | Stream or block cipher type and modifiers to be used. |
key | Key to be used for decryption. |
iv | Optional initialization vector for block ciphers. Default is NULL . |
Usage Notes
- To retrieve original plaintext data,
DECRYPT
must be called with the same cipher, modifiers, key, and IV that was used to encrypt the data originally.See Also:'Usage Notes' for theENCRYPT
function for additional information about the ciphers and modifiers available with this package. - If
VARCHAR2
data is converted toRAW
before encryption, then it must be converted back to the appropriate database character set by using theUTL_I18N
package.See Also:'Conversion Rules' for a discussion of theVARCHAR2
toRAW
conversion process.
DECRYPT Procedures
These procedures decrypt
LOB
data using a stream or block cipher with a user supplied key and optional IV (initialization vector).Syntax
Pragmas
Parameters
Table 39-12 DECRYPT Procedure Parameters
Parameter Name | Description |
---|---|
dst | LOB locator of output data. The value in the output LOB <dst > will be overwritten. |
src | LOB locator of input data. |
typ | Stream or block cipher type and modifiers to be used. |
key | Key to be used for decryption. |
iv | Optional initialization vector for block ciphers. Default is all zeroes. |
ENCRYPT Function
This function encrypts
RAW
data using a stream or block cipher with a user supplied key and optional IV (initialization vector).Syntax
Pragmas
Parameters
Table 39-13 ENCRYPT Function Parameters
Parameter Name | Description |
---|---|
src | RAW data to be encrypted. |
typ | Stream or block cipher type and modifiers to be used. |
key | Encryption key to be used for encrypting data. |
iv | Optional initialization vector for block ciphers. Default is NULL . |
Usage Notes
- Block ciphers may be modified with chaining and padding type modifiers. The chaining and padding type modifiers are added to the block cipher to produce a cipher suite. Cipher Block Chaining (CBC) is the most commonly used chaining type, and PKCS #5 is the recommended padding type. See Table 39-7 and Table 39-8 for block cipher chaining and padding modifier constants that have been defined for this package.
- To improve readability, you can define your own package-level constants to represent the cipher suites you use for encryption and decryption. For example, the following example defines a cipher suite that uses DES, cipher block chaining mode, and no padding:See Table 39-6 for the block cipher suites already defined as constants for this package.
- To encrypt
VARCHAR2
data, it should first be converted to the AL32UTF8 character set.See Also:'Conversion Rules' for a discussion of the conversion process. - Stream ciphers, such as RC4, are not recommended for stored data encryption.
ENCRYPT Procedures
These procedures encrypt
LOB
data using a stream or block cipher with a user supplied key and optional IV (initialization vector).Syntax
Pragmas
Parameters
Table 39-14 ENCRYPT Procedure Parameters
Parameter Name | Description |
---|---|
dst | LOB locator of output data. The value in the output LOB <dst > will be overwritten. |
src | LOB locator of input data. |
typ | Stream or block cipher type and modifiers to be used. |
key | Encryption key to be used for encrypting data. |
iv | Optional initialization vector for block ciphers. Default is NULL . |
Usage Notes
See 'Conversion Rules' for usage notes about using the
ENCRYPT
procedure.HASH Function
A one-way hash function takes a variable-length input string, the data, and converts it to a fixed-length (generally smaller) output string called a hash value. The hash value serves as a unique identifier (like a fingerprint) of the input data. You can use the hash value to verify whether data has been changed or not.
Note that a one-way hash function is a hash function that works in one direction. It is easy to compute a hash value from the input data, but it is hard to generate data that hashes to a particular value. Consequently, one-way hash functions work well to ensure data integrity. Refer to 'When to Use Hash or Message Authentication Code (MAC) Functions' for more information about using one-way hash functions.
This function applies to data one of the supported cryptographic hash algorithms listed in Table 39-3.
Syntax
Pragmas
Parameters
Table 39-15 HASH Function Parameters
Parameter Name | Description |
---|---|
src | The source data to be hashed. |
typ | The hash algorithm to be used. |
Usage Note
Oracle recommends that you use the SHA-1 (Secure Hash Algorithm), specified with the constant,
HASH_SH1
, because it is more resistant to brute-force attacks than MD4 or MD5. If you must use a Message Digest algorithm, then MD5 provides greater security than MD4.MAC Function
A Message Authentication Code, or MAC, is a key-dependent one-way hash function. MACs have the same properties as the one-way hash function described in 'HASH Function', but they also include a key. Only someone with the identical key can verify the hash. Also refer to 'When to Use Hash or Message Authentication Code (MAC) Functions' for more information about using MACs.
This function applies MAC algorithms to data to provide keyed message protection. See Table 39-4 for a list of MAC algorithms that have been defined for this package.
Syntax
Pragmas
Parameters
Table 39-16 MAC Function Parameters
Parameter Name | Description |
---|---|
src | Source data to which MAC algorithms are to be applied. |
typ | MAC algorithm to be used. |
key | Key to be used for MAC algorithm. |
RANDOMBYTES Function
This function returns a
RAW
value containing a cryptographically secure pseudo-random sequence of bytes, which can be used to generate random material for encryption keys. The RANDOMBYTES
function is based on the RSA X9.31 PRNG (Pseudo-Random Number Generator).Syntax
Pragmas
Parameters
Table 39-17 RANDOMBYTES Function Parameter
Parameter Name | Description |
---|---|
number_bytes | The number of pseudo-random bytes to be generated. |
Usage Note
The
number_bytes
value should not exceed the maximum length of a RAW
variable.RANDOMINTEGER Function
This function returns an integer in the complete range available for the Oracle
BINARY_INTEGER
datatype.Syntax
Pragmas
RANDOMNUMBER Function
This function returns an integer in the Oracle
NUMBER
datatype in the range of [0.2**128-1].Syntax
Pragmas
In cryptography, a message authentication code (MAC), sometimes known as a tag, is a short piece of information used to authenticate a message—in other words, to confirm that the message came from the stated sender (its authenticity) and has not been changed. The MAC value protects both a message's data integrity as well as its authenticity, by allowing verifiers (who also possess the secret key) to detect any changes to the message content.
Cryptographic Functions
Definitions[edit]
Informally, a message authentication code system consists of three algorithms:
- A key generation algorithm selects a key from the key space uniformly at random.
- A signing algorithm efficiently returns a tag given the key and the message.
- A verifying algorithm efficiently verifies the authenticity of the message given the key and the tag. That is, return accepted when the message and tag are not tampered with or forged, and otherwise return rejected.
For a secure unforgeable message authentication code, it should be computationally infeasible to compute a valid tag of the given message without knowledge of the key, even if for the worst case, we assume the adversary can forge the tag of any message except the given one.[1]
Formally, a message authentication code (MAC) system is a triple of efficient[2] algorithms (G, S, V) satisfying:
- G (key-generator) gives the key k on input 1n, where n is the security parameter.
- S (signing) outputs a tag t on the key k and the input string x.
- V (verifying) outputs accepted or rejected on inputs: the key k, the string x and the tag t.
S and V must satisfy the following:
- Pr [ k ← G(1n), V( k, x, S(k, x) ) = accepted ] = 1.[3]
A MAC is unforgeable if for every efficient adversary A
- Pr [ k ← G(1n), (x, t) ← AS(k, · )(1n), x ∉ Query(AS(k, · ), 1n), V(k, x, t) = accepted] < negl(n),
Mac menu bar for windows. where AS(k, · ) denotes that A has access to the oracle S(k, · ), and Query(AS(k, · ), 1n) denotes the set of the queries on S made by A, which knows n. Clearly we require that any adversary cannot directly query the string x on S, since otherwise a valid tag can be easily obtained by that adversary.[4]
Security[edit]
While MAC functions are similar to cryptographic hash functions, they possess different security requirements. To be considered secure, a MAC function must resist existential forgery under chosen-plaintext attacks. This means that even if an attacker has access to an oracle which possesses the secret key and generates MACs for messages of the attacker's choosing, the attacker cannot guess the MAC for other messages (which were not used to query the oracle) without performing infeasible amounts of computation.
MACs differ from digital signatures as MAC values are both generated and verified using the same secret key. This implies that the sender and receiver of a message must agree on the same key before initiating communications, as is the case with symmetric encryption. For the same reason, MACs do not provide the property of non-repudiation offered by signatures specifically in the case of a network-wide shared secret key: any user who can verify a MAC is also capable of generating MACs for other messages. In contrast, a digital signature is generated using the private key of a key pair, which is public-key cryptography[2]. Since this private key is only accessible to its holder, a digital signature proves that a document was signed by none other than that holder. Thus, digital signatures do offer non-repudiation. However, non-repudiation can be provided by systems that securely bind key usage information to the MAC key; the same key is in the possession of two people, but one has a copy of the key that can be used for MAC generation while the other has a copy of the key in a hardware security module that only permits MAC verification. This is commonly done in the finance industry.[citation needed]
Message integrity codes[edit]
The term message integrity code (MIC) is frequently substituted for the term MAC, especially in communications,[5] to distinguish it from the use of MAC meaning MAC address (for media access control address). However, some authors[6] use MIC to refer to a message digest, which is different from a MAC – a message digest does not use secret keys. This lack of security means that any message digest intended for use gauging message integrity should be encrypted or otherwise be protected against tampering. Message digest algorithms are created such that a given message will always produce the same message digest assuming the same algorithm is used to generate both. Conversely, MAC algorithms are designed to produce matching MACs only if the same message, secret key and initialization vector are input to the same algorithm. Message digests do not use secret keys and, when taken on their own, are therefore a much less reliable gauge of message integrity than MACs. Because MACs use secret keys, they do not necessarily need to be encrypted to provide the same level of assurance.
RFC 4949 recommends avoiding the term 'message integrity code' (MIC), and instead using 'checksum', 'error detection code', 'hash', 'keyed hash', 'message authentication code', or 'protected checksum'.
Implementation[edit]
Non Cryptographic Hash
MAC algorithms can be constructed from other cryptographic primitives, like cryptographic hash functions (as in the case of HMAC) or from block cipher algorithms (OMAC, CCM, GCM, and PMAC). However many of the fastest MAC algorithms like UMAC-VMAC and Poly1305-AES are constructed based on universal hashing.[7]
Intrinsically keyed hash algorithms such as SipHash are also by definition MACs; they can be even faster than universal-hashing based MACs.[8]
https://greytree628.weebly.com/chromium-web-browser-download-mac.html. Additionally, the MAC algorithm can deliberately combine two or more cryptographic primitives, so as to maintain protection even if one of them is later found to be vulnerable. For instance, in Transport Layer Security (TLS), the input data is split in halves that are each processed with a different hashing primitive (SHA-1 and SHA-2) then XORed together to output the MAC.
Standards[edit]
Various standards exist that define MAC algorithms. These include:
Non Cryptographic Hash Function
- FIPS PUB 113 Computer Data Authentication,[9] withdrawn in 2002,[10] defines an algorithm based on DES.
- FIPS PUB 198-1 The Keyed-Hash Message Authentication Code (HMAC)[11]
- ISO/IEC 9797-1Mechanisms using a block cipher[12]
- ISO/IEC 9797-2 Mechanisms using a dedicated hash-function[13]
- ISO/IEC 9797-3 Mechanisms using a universal hash-function[14]
- ISO/IEC 29192-6 Lightweight cryptography - Message authentication codes[15]
ISO/IEC 9797-1 and -2 define generic models and algorithms that can be used with any block cipher or hash function, and a variety of different parameters. These models and parameters allow more specific algorithms to be defined by nominating the parameters. For example, the FIPS PUB 113 algorithm is functionally equivalent to ISO/IEC 9797-1 MAC algorithm 1 with padding method 1 and a block cipher algorithm of DES.
An example of MAC use[edit]
[16]In this example, the sender of a message runs it through a MAC algorithm to produce a MAC data tag. The message and the MAC tag are then sent to the receiver. The receiver in turn runs the message portion of the transmission through the same MAC algorithm using the same key, producing a second MAC data tag. The receiver then compares the first MAC tag received in the transmission to the second generated MAC tag. If they are identical, the receiver can safely assume that the message was not altered or tampered with during transmission (data integrity).
However, to allow the receiver to be able to detect replay attacks, the message itself must contain data that assures that this same message can only be sent once (e.g. time stamp, sequence number or use of a one-time MAC). Otherwise an attacker could – without even understanding its content – record this message and play it back at a later time, producing the same result as the original sender.
One-time MAC[edit]
Comparison Of Cryptographic Hash Functions
Universal hashing and in particular pairwise independent hash functions provide a secure message authentication code as long as the key is used at most once. This can be seen as the one-time pad for authentication.[17]
The simplest such pairwise independent hash function is defined by the random key key = (a,b), and the MAC tag for a message m is computed as tag = (am + b) mod p, where p is prime.
More generally, k-independent hashing functions provide a secure message authentication code as long as the key is used less than k times for k-ways independent hashing functions.
Cryptographic Hash Definition
See also[edit]
- Hash-based message authentication code (HMAC)
Notes[edit]
- ^The strongest adversary is assumed to have access to the signing algorithm without knowing the key. However, her final forged message must be different from any message she chose to query the signing algorithm before. See Pass's discussions before def 134.2.
- ^ abTheoretically, an efficient algorithm runs within probabilistic polynomial time.
- ^Pass, def 134.1
- ^Pass, def 134.2
- ^IEEE 802.11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications(PDF). (2007 revision). IEEE-SA. 12 June 2007. doi:10.1109/IEEESTD.2007.373646. ISBN978-0-7381-5656-9.
- ^Fred B Schneider, Hashes and Message Digests, Cornell University
- ^'VMAC: Message Authentication Code using Universal Hashing'. CFRG Working Group. CFRG Working Group. Retrieved 16 March 2010.
- ^Jean-Philippe Aumasson & Daniel J. Bernstein (2012-09-18). 'SipHash: a fast short-input PRF'(PDF).
- ^'FIPS PUB 113 Computer Data Authentication'. Archived from the original on 2011-09-27. Retrieved 2010-10-10.
- ^'Federal Information Processing Standards Publications, Withdrawn FIPS Listed by Number'. Archived from the original on 2010-08-01. Retrieved 2010-10-10.
- ^The Keyed-Hash Message Authentication Code (HMAC)
- ^ISO/IEC 9797-1 Information technology — Security techniques — Message Authentication Codes (MACs) — Part 1: Mechanisms using a block cipher
- ^ISO/IEC 9797-2 Information technology — Security techniques — Message Authentication Codes (MACs) — Part 2: Mechanisms using a dedicated hash-function
- ^ISO/IEC 9797-3 Information technology — Security techniques — Message Authentication Codes (MACs) — Part 3: Mechanisms using a universal hash-function
- ^ISO/IEC 29192-6 Information technology — Lightweight cryptography — Part 6: Message authentication codes (MACs)
- ^'Mac Security Overview', Mac® Security Bible, Wiley Publishing, Inc., 2011-11-01, pp. 1–26, doi:10.1002/9781118257739.ch1, ISBN9781118257739
- ^Simmons, Gustavus (1985). 'Authentication theory/coding theory'. Advances in Cryptology: Proceedings of CRYPTO 84. Berlin: Springer. pp. 411–431. ISBN00000000 Check
|isbn=
value: length (help).
Cryptographic Hash Function Pdf
References[edit]
- Goldreich, Oded (2001), Foundations of cryptography I: Basic Tools, Cambridge: Cambridge University Press, ISBN978-0-511-54689-1
- Goldreich, Oded (2004), Foundations of cryptography II: Basic Applications (1. publ. ed.), Cambridge [u.a.]: Cambridge Univ. Press, ISBN978-0-521-83084-3
- Pass, Rafael, A Course in Cryptography(PDF), retrieved 31 December 2015[1]
External links[edit]
- ^11-12-20C8
Retrieved from 'https://en.wikipedia.org/w/index.php?title=Message_authentication_code&oldid=982254705'