Digital Technologies and Encryption
Message Digest Functions
These are mathematical functions which, when applied to a file, return a number, known as a digest, that provides a near-unique characterisation of the file. An example of an extremely poor message digest function would be one which took every character in the file, added their bit codes together and took the remainder when divided by a very large number. A message digest function should have a number of properties:
- All the input to a message digest function should influence the output.
- If a bit in the message digest function’s input is modified then every bit in the output has a probability of 0.5 of changing.
- It should be computationally infeasible to find a file which has the same message digest function value as another file.
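The poor additive digest described above, set against SHA-256, as an added example that is not part of the original article. The modulus, the two sample messages and all function names are assumptions chosen for this illustration.

```python
import hashlib

MODULUS = 2**61 - 1  # stands in for the "very large number"; value chosen for this example

# Constructed sample inputs: the same bytes with two digits swapped.
ORIGINAL = b"pay alice 19 pounds"
REORDERED = b"pay alice 91 pounds"


def additive_digest(data: bytes) -> int:
    """The poor digest from the text: add the byte codes, take the remainder."""
    return sum(data) % MODULUS


def sha256_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def changed_output_bits(data: bytes, bit_index: int) -> int:
    """Flip one input bit; count how many of the 256 SHA-256 output bits change."""
    mutated = bytearray(data)
    mutated[bit_index // 8] ^= 1 << (bit_index % 8)
    return bin(sha256_int(data) ^ sha256_int(bytes(mutated))).count("1")


def mean_avalanche(data: bytes) -> float:
    """Fraction of output bits changed, averaged over every single-bit input flip."""
    n_bits = len(data) * 8
    return sum(changed_output_bits(data, i) for i in range(n_bits)) / (n_bits * 256)


def additive_collides() -> bool:
    """Reordering bytes never changes a sum, so the two messages share a digest."""
    return additive_digest(ORIGINAL) == additive_digest(REORDERED)


if __name__ == "__main__":
    print("additive digests equal:", additive_collides())
    print("SHA-256 digests equal: ", sha256_int(ORIGINAL) == sha256_int(REORDERED))
    print("mean avalanche fraction: %.3f" % mean_avalanche(ORIGINAL))
```

The additive digest fails the third property for any reordering of the same bytes, while the measured avalanche fraction for SHA-256 sits close to the 0.5 stated in the second property.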
There are a number of uses for such functions; we shall be looking at one in particular, the digital signature. However, one low-tech use is to discover whether any files have been modified in a system, either by an intruder or by a virus. In the early days of viruses you could detect this by looking at the size in bytes of the code; however, virus writers have managed to subvert this by deploying viruses which lop off code from existing programs and embed themselves in such a way that the file size is unaffected, or by subverting the file reading components of the operating system. One way of detecting file changes is to compare a digest of a file with its previous value; if they are the same then there is a very high probability that the file has not been modified, but if they are not the same then the file has been changed.
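A baseline-and-compare check of the kind described above, as an added example that is not part of the original article. The file names and contents are constructed, and SHA-256 is this example's choice of digest function.

```python
import hashlib
import tempfile
from pathlib import Path


def file_digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files are not loaded whole."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def take_baseline(root: Path) -> dict:
    """Map each file's path (relative to root) to its digest."""
    return {str(p.relative_to(root)): file_digest(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare(root: Path, baseline: dict) -> dict:
    """Report files whose digest changed, that disappeared, or that are new."""
    current = take_baseline(root)
    return {
        "modified": sorted(n for n in baseline
                           if n in current and current[n] != baseline[n]),
        "missing": sorted(n for n in baseline if n not in current),
        "added": sorted(n for n in current if n not in baseline),
    }


def demo() -> dict:
    """Constructed scenario: a file is rewritten in place with its size unchanged."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        target = root / "tool.bin"
        target.write_bytes(b"\x00" * 64 + b"original code!")
        (root / "readme.txt").write_bytes(b"unchanged file\n")
        baseline = take_baseline(root)
        size_before = target.stat().st_size
        target.write_bytes(b"\x00" * 64 + b"modified code!")  # same length
        report = compare(root, baseline)
        report["size_unchanged"] = target.stat().st_size == size_before
        return report


if __name__ == "__main__":
    print(demo())
```

The comparison is only as trustworthy as the stored baseline and the code that reads the files, so the baseline belongs somewhere an intruder cannot rewrite it, and the check is best run from a system known to be clean.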
There are a number of message digest functions and technologies which have been devised:
- HMAC. This is a technique used to provide evidence that a particular message has not been altered. It uses both a message digest function and a private key. A message digest is calculated for the text; it is then encrypted and sent with the text. The receiver decrypts the digest, calculates the digest of the text using a message digest function and compares it with the decrypted value; if they are the same then the message has not been tampered with.
- The MD series. This is a series of message digest functions developed by Ronald Rivest. They all use a 128-bit digest. They differ with regard to the speed with which they can be calculated and the strength of the digest function: how easy it is to discover a file which has the same function value as another file.
- The SHA series. These are message digest functions developed by the American National Security Administration. They produce 160-bit digests.
There are a number of uses for message digest functions over and above that of checking files for tampering. They are used for message authentication codes. In this use a digest is calculated for a message that is sent between two parties and then appended to the end of the message. Each of the parties has knowledge of the message digest function used: the sender uses it to carry out the calculation of the digest while the recipient uses it to calculate the value of the digest from the received message. If the value calculated by the recipient is the same as the appended value then there is a very high probability that the message has not been tampered with during its traversal of the communication medium used.
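The appended-digest check from this paragraph next to a keyed check built with Python's standard `hmac` module, as an added example that is not part of the original article. The shared key, the sample messages and the function names are assumptions; note that the standard HMAC construction keys the digest computation itself.

```python
import hashlib
import hmac

SHARED_KEY = b"constructed-demo-key"  # assumption: agreed in advance by both parties
TAG_LEN = hashlib.sha256().digest_size


def plain_tag(message: bytes) -> bytes:
    """Scheme as described in the text: an unkeyed digest of the message."""
    return hashlib.sha256(message).digest()


def keyed_tag(message: bytes) -> bytes:
    """HMAC-SHA256: the digest computation is keyed with the shared secret."""
    return hmac.new(SHARED_KEY, message, hashlib.sha256).digest()


def accept(packet: bytes, tag_fn) -> bool:
    """Recipient side: recompute the tag over the body, compare in constant time."""
    body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    return hmac.compare_digest(tag_fn(body), tag)


def outcomes() -> dict:
    message = b"transfer 10 to bob"    # constructed sample message
    corrupted = b"transfer 10 to bop"  # one character damaged by line noise
    replaced = b"transfer 99 to eve"   # body swapped by someone on the path
    return {
        # Accidental damage: the old tag no longer matches in either scheme.
        "plain_detects_noise": not accept(corrupted + plain_tag(message), plain_tag),
        "hmac_detects_noise": not accept(corrupted + keyed_tag(message), keyed_tag),
        # Deliberate change: the digest function is public, so a fresh unkeyed
        # digest can be appended and the recipient's check still passes.
        "plain_detects_replacement":
            not accept(replaced + plain_tag(replaced), plain_tag),
        # Without SHARED_KEY the only tag available is the stale one (or a guess).
        "hmac_detects_replacement":
            not accept(replaced + keyed_tag(message), keyed_tag),
        "hmac_accepts_genuine": accept(message + keyed_tag(message), keyed_tag),
    }


if __name__ == "__main__":
    for name, value in outcomes().items():
        print(f"{name}: {value}")
```

An unkeyed digest catches accidental corruption only; detecting deliberate modification needs the shared key.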
Another use for message digest functions is in producing a password from a series of words known as a passphrase. Passphrases have long been used as a way of remembering passwords; for example, the password itbil#ptooway can be remembered by the passphrase ‘In the beginning I liked hash potatoes, what about you’. Here initial letters and symbols are used to remember a hard-to-crack password. Message digest functions are also used in digital signatures.
Digital Signatures
A digital signature is some data that uniquely identifies a person or an organisation. Digital signatures rely on message digest functions and public key cryptography. In order to describe how they work consider the sending of a message from one agent (A) to another (B) where agent A publishes a public key. The steps below assume that B knows what message digest function is being used. The following steps occur:
- Agent A calculates a message digest of the message to be sent.
- The message digest is then encrypted using the private key. This is the digital signature.
- The message, along with the digital signature, is sent to B.
- B decrypts the digital signature using the public key to obtain the message digest.
- B then calculates the message digest of the sent message using the message digest function that A used and compares it with the decrypted digest. If they match then the message has been sent by the owner of the private and public key.
An important point to make is that digital signatures can give irrefutable proof that content has been changed en-route. They ensure integrity but not privacy.
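The five steps above carried through in code, as an added example that is not part of the original article. It assumes textbook RSA without padding and a constructed toy key built from two well-known Mersenne primes, which is unsuitable for real use; production signatures use a padded scheme from a vetted library.

```python
import hashlib

# Constructed toy key pair for illustration only.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                          # public modulus
E = 65537                          # public exponent, published by A
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, known only to A (Python 3.8+)


def digest_as_int(message: bytes) -> int:
    """The message digest both agents agree on (SHA-256 here), as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """A: digest the message, then transform the digest with the private key."""
    return pow(digest_as_int(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """B: recover the digest with the public key and compare with a fresh digest."""
    return pow(signature, E, N) == digest_as_int(message)


def exchange() -> dict:
    message = b"Meet at noon."     # constructed sample message
    signature = sign(message)      # A sends (message, signature) to B
    return {
        "genuine": verify(message, signature),
        "message_changed": verify(b"Meet at nine.", signature),
        "signature_changed": verify(message, signature ^ 1),
        # The message itself travels in the clear: integrity, not privacy.
        "message_readable_in_transit": message.decode() == "Meet at noon.",
    }


if __name__ == "__main__":
    for name, value in exchange().items():
        print(f"{name}: {value}")
```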