- 1. Introduction to cryptography
- 2. Symmetric encryption
- 3. Packet encryption mode
- 4. Asymmetric encryption
- 5. One-way hash functions
- 6. Message authentication code
- 7. Digital signature
- Certificate of 8.
- 9.SSL/TLS
"One-way hash function - get fingerprint of message"
Copy the codeFingerprints are used by investigators in criminal investigations. By comparing the fingerprints of a particular person with those left at the scene of a crime, it is possible to see if that person is connected to the crime.
Sometimes we also need fingerprints for messages processed by computers. When two messages need to be compared for consistency, we don’t have to compare the content of the messages themselves, just their “fingerprints”.
In this chapter, we will learn about one-way hash functions. Using a one-way hash function, you can get a “fingerprint” of the message, and by comparing the “fingerprint”, you can see if the two messages are consistent.
In the following sections, we will briefly introduce one-way hash functions and show you specific examples. Then we’ll go into detail about the sha-I one-way hash function, which is very widely used today.
5.1 What is a One-way Hash function
A one-way hash function has an input and an output, where the input is called a message and the output is called a hashvalue. A one-way hash function can calculate a hash value based on the contents of the message, and the hash value can be used to check the integrity of the message.
The message doesn’t have to be a human readable text, it can be an image file or a sound file. A one-way hash function does not need to know what the message actually represents. The one-way hash function treats any message as a pure sequence of bits, from which the hash value is calculated.
The length of the hash value is independent of the length of the message. Whether the message is 1 bit, 100MB, or even IOOGB, the one-way hash function computes a fixed length hash value. The sha-I one-way hash function, for example, always computes a hash value of 160 bits (20 bytes) in length.
5.2 Glossary
There are many variations of the terms used for one-way hash functions, and they vary from resource to resource. Here are some of them.
The one-way hash function is also called the Message Digest function, hash function, or hash function.
A message entered into a one-way hash function is also called a pre-image.
The hash value output by a one-way hash function is also called a Message digest or fingerprint.
Completeness is also called consistency.
By the way, the word “hash “in the one-way hash function originally came from the Old French” axe “, which was later extended to “chopped meat”, perhaps because of the feeling of chopping and mixing together with an axe. The purpose of a one-way hash function is essentially to chop up long messages and then mix them into fixed length hashes.
5.3 Properties of one-way hash functions
Using a one-way hash function, it is possible to verify the integrity of even a few hundred MEgabytes of files by comparing very short hash values. So, what properties must a one-way hash function have? So let’s sort this out.
-
Computes a fixed-length hash value from a message of arbitrary length
First, the input of a one-way hash function must be able to be a message of any length.
Second, a one-way hash function must be able to generate a short hash regardless of the length of the message, which is not useful if the longer the message is, the longer the hash is generated. For ease of use, the length of the hash value is best kept short and fixed.
-
Ability to quickly compute hash values
The time taken to compute the hash value must be short. Although the longer the message, the longer it will take to compute the hash value, it is meaningless if the calculation cannot be completed in a realistic time.
-
The hash value varies from message to message
In order to be able to verify integrity, a change of even 1 bit in the message must have a high probability of producing a different hash value.
If the hash value computed by a one-way hash function does not change, the message can easily be tampered with and the one-way hash function cannot be used for completeness checks. A situation in which two different messages produce the same hash value is called a collision. If you want to use one-way hash functions for integrity checks, you need to ensure that collisions are virtually impossible to detect artificially.
The nature of the collision that is difficult to detect is called collisionresistance. All the one-way hash functions used in cryptography need to be collashproof.
Strong collision resistance refers to the fact that it is very difficult to find two different messages with the same hash value. In this case, the hash value can be any value. Unidirectional hash functions in cryptography must have strong collision resistance.
-
Unidirectional
A one-way hash function must be one-way. Unidirectional refers to the inability to work out the properties of a message from a hash value. Calculating hash values from messages can be easy, but this one-way street cannot be reversed.
Just as it is easy to smash glass into pieces but impossible to restore the pieces to full glass, it is easy to compute a hash value from a message, but impossible to compute a message from a hash value.
One thing to note here is that although the hash value produced by a one-way hash function is a completely different sequence of bits from the original message, the one-way hash function is not a form of encryption and therefore cannot be decrypted to restore the hash value to the original message.
5.4 Practical application of one-way hash function
Let’s look at an example of a one-way hash function in action.
5.4.1 Detect whether the software is tampered with
You can use a one-way hash function to determine if your downloaded software has been tampered with.
Many software, especially security-related software, will publish the hash values calculated by one-way hash functions on their official websites. After downloading the software, users can calculate their own hash values, and then compare them with the hash values published on the official website. By hashing, the user can confirm that the downloaded file is the same as the file provided by the software author.
Such an approach is useful in situations where software is available from multiple sources. In order to reduce the strain on the server, many software authors distribute their software through multiple websites (mirror sites). In such cases, one-way hash functions can play an important role in detecting whether the software has been tampered with.
5.4.2 Message Authentication Code
Message authentication codes can be constructed using one-way hash functions.
Message authentication code is a hash value calculated by mixing the shared key between sender and receiver and message. Using message authentication codes can detect and prevent errors, tampering, and masquerading in communication.
Message authentication codes are also used in SSL/TLS, which we will cover in a later section.
5.4.3 Digital Signature
One-way hash functions are also used for digital signatures.
Digital signature is the realization of signature and seal in the digital world. The process of digital signature is very time-consuming. Therefore, the whole message content is not signed directly. Instead, the hash value of the message is calculated by one-way hash function, and then the digital signature is applied to the hash value.
5.4.4 Pseudo-random number generator
A pseudorandom number generator can be constructed using a one-way hash function.
The use of random numbers in cryptography requires that it is virtually impossible to predict future random sequences from past random sequences. To ensure unpredictability, you can take advantage of the unidirectionality of a one-way hash function.
5.4.5 One-time password
You can construct a one-time password using a one-way hash function.
One-time passwords are often used by servers to authenticate clients. In this way, by using a one-way hash function, the password is guaranteed to be transmitted only once over the communication link, so that even if an eavesdropper steals the password, it cannot be used.
5.5 Common one-way hash functions
5.5.1, MD4 and MD5
MD4 is a one-way hash function designed by Rivest in 1990, capable of generating a hash value of 128 bits (RFC1186, revised RFC1320). However, with Dobbertin’s approach to finding COLLISIONS with MD4 hashes, it is no longer safe.
MD5 is a monomone hash function designed by Rwest in 1991, capable of generating a hash value of 128 bits (RFC1321).
MD5’s crashworthiness has been compromised, meaning that it is now possible to produce two different messages with the same hash value, so it is no longer secure.
MD in MD4 and MD5 stands for Message Digest.
5.5.2 Using MD5 in Go
-
Package to import
import ( "crypto/md5" "encoding/hex" ) Copy the code -
Method of calculating Md5 1
func getMD5_1(str []byte) string { // 1. Calculate the MD5 of the data result := md5.Sum(str) fmt.Println(result) fmt.Printf("%x\n", result) // 2. Format the data as a hexadecimal format string res := fmt.Sprintf("%x", result) fmt.Println(res) // This is another way to format slices res = hex.EncodeToString(result[:]) fmt.Println("res: ", res) return res } Copy the codeDescription of important functions:
-
Returns the MD5 checksum of data
The package to which the function belongs:"crypto/md5" func Sum(data []byte) [Size]byte- Parameter data: indicates the original data. - Returned value: indicates the data obtained after MD5 calculation. The length is16Byte (byte) Copy the code -
Encodes the string in hexadecimal format
The package to which the function belongs:"encoding/hex" func EncodeToString(src []byte) string- parameter SRC: data to be converted - Return value: obtained after conversion16Hexadecimal format stringCopy the code
-
-
Method of calculating Md5 2
func getMD5_2(str []byte) string { // 1. Create a Hash object that uses MD5 authentication myHash := md5.New() // 2. Write data to the hash object using I/O operations io.WriteString(myHash, "hello") //io.WriteString(myHash, ", world") myHash.Write([]byte(", world")) // 3. Calculation result result := myHash.Sum(nil) fmt.Println(result) // 4. Convert the result to a hexadecimal format string res := fmt.Sprintf("%x", result) fmt.Println(res) // This is another way to format slices res = hex.EncodeToString(result) fmt.Println(res) return res } Copy the codeDescription of important functions:
-
Create a new hash. hash interface that uses MD5 authentication
The package to which the function belongs:"crypto/md5" func New(a) hash.Hash Copy the codeHash is a common interface implemented by all Hash functions.
type Hash interface { // Add more data to the hash via the embedded anonymous IO.Writer interface's Write method, never returning an error io.Writer // Returns the new slice after adding b to the current hash value, without changing the underlying hash state Sum(b []byte) []byte // Resets hash to a state with no data input Reset() // Return the length of the slice that Sum will return Size() int // Returns the underlying block size of the hash; The Write method can accept data of any size, // However, it is more efficient to provide data as multiples of the block size BlockSize() int } "io"The Writer interface in the package is used to wrap the basic write method.type Writer interface { Write(p []byte) (n int, err error) } Copy the code -
Write data to hash objects using I/O operations
The first way the function belongs to the package:"io" func WriteString(w Writer, s string) (n int, err error)- Parameter W: implements/contains the Writer interface. - Parameter S: data to be added to the I/O object. - Returned value n: Data length. Error message # Second way to add data myhash.write ([]) using the hash.Hash interface (let's say: myHash) from the New() method in the MD5 packagebyte("Test data")) Copy the code -
Use the Sum method in the hash. hash interface to compute the result
Sum(b []byte) []byte- Parameter b: Hash the data in b and add the result to the front of the original data. In general, this parameter is specified as empty, that is:nil- Return value: the result of the hash operationCopy the code
-
5.5.3 SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512
SHA – 1 is by NIST (NationalInstituteOfStandardsandTechnology, American national standards institute of technology) design can produce a 160 bits of the hash value of the one-way hash function. SHA was published in 1993 as the U.S. Federal Standard Specification for Information Processing (FIPS PUB 180), and the revised FIPS PUB 180-1 was published in 1995 as SHA-1.
There is an upper limit to the length of sha-1 messages, but this value is close to 2^64^ bits, which is a very large number, so there is no problem in practical use.
Sha-256, SHA-384, and SHA-512 are all one-way hash functions designed by NIST, and their hash values are 256, 384, and 512 bits, respectively. Collectively known as SHA-2, these one-way hash functions have an upper limit on message length (sha-256 has an upper limit of close to 2^64^ bits, and SHA-384 and SHA-512 have an upper limit of close to 2^128^ bits). These one-way hash functions were released in 2002 along with SHA-1 as FIPS PUB 180-2. Sha-1’s strong crashworthiness was cracked in 2005, that is, it is now possible to produce two different messages with the same hash value. However, SHA-2 has not yet been breached.
| Number of bits | The number of bytes | |
|---|---|---|
| MD4 | 128bit | 16byte |
| MD5 | 128bit | 16byte |
| SHA-1 | 160bit | 20byte |
| SHA-224 | 224bit | 28byte |
| SHA-256 | 256bit | 32byte |
| SHA-384 | 384bit | 48byte |
| SHA-512 | 512bit | 64byte |
####5.5.4 Use of SHA-1 and SHA-2 in Go
-
Package to import
import ( "crypto/sha1" "encoding/hex" "crypto/sha256" "crypto/sha512" ) Copy the code -
Use SHA1 to calculate file fingerprints
The previous section introduced how to use the API provided by GO to calculate the MD5 fingerprint of data. The calculation method of SHA1 is the same as the routine of MD5. Md5 package needs to be replaced by SH1.
func getSha1(src string) string { 1. Open the file fp, err := os.Open(src) iferr ! =nil { return "File opening failed" } 2. Create a Hash object based on the SHA1 algorithm myHash := sha1.New() // 3. Copy file data to hash object num, err := io.Copy(myHash, fp) iferr ! =nil { return "Failed to copy file" } fmt.Println("File size:", num) // 4. Calculate the file hash value tmp1 := myHash.Sum(nil) // 5. Data format conversion result := hex.EncodeToString(tmp1) fmt.Println("sha1: ", result) return result } Copy the code