Message Authentication

If we want to send a message across the network in such a way that the recipient can be sure that it came from us, we need to sign it in some way. We have discussed a method of doing this which involves encrypting the message with the sender’s private key. Unfortunately this has two problems:

Encrypting a message with a private key is very slow, particularly for a long message. In general it is considerably slower than encrypting it with a public key.
How can we be sure that a message has not been altered after it has been signed?

Message Digests

The solution to both of these problems lies in a “message digest”. This is a short fixed length string which is computed from the original message using some form of hashing algorithm. If we can devise a hashing algorithm with properties such that it is impossible to find another message that hashes to a same value, then we can use it to validate that the received message to which the hash is attached is the same as that sent.
The most commonly used algorithms for generating message digests are MD2, MD4, and MD5. Each of these three algorithms generates a 128-bit digest. MD2 and MD4 have known flaws (that is, a hacker can alter the message and then add data so that the same digest is produced) and their use is no longer recommended. MD5 has also recently been the subject of some scrutiny and potential problems have been reported with the algorithm.

Secure Hash Algorithm

SHA (Secure Hash Algorithm) (also SHS, Secure Hash Standard) is a cryptographic hash algorithm published by the United States Government. It produces an 160 bit hash value from an arbitrary length string. Many people consider it to be quite good. However, it is fairly new so problems may come to light in future.

[ Contents ] [ DNS ] [ p6spy ] [ Weblogic Tuning ] [ Cactus ] [ The Grinder ] [ Word to PDF ]