From: Tim (ccie2be@nyc.rr.com)
Date: Sun Jan 01 2006 - 10:31:57 GMT-3
Hey Scott,
First, let me wish you and your family the best possible 2006 imaginable.
And, if we do meet up sometime this year, ALL your drinks are on me. How
much can you drink?
Thanks for the reply on Hashing. I didn't know about that sampling process
and I still don't know exactly what munging is but I get the idea.
Surprisingly, this cryptology topic has turned out to be much more
interesting than I expected.
What I still don't understand is why none of the people that write about
this Hashing stuff don't put this topic in context.
When you think about it, isn't hashing just a more sophisticated form of
parity checking which itself is a less sophisticated type of CRC (cyclic
redundancy check)?
Maybe once I fully understand all this stuff myself, I'll write a pamphlet
geared to normal people.
Thanks again, Tim
-----Original Message-----
From: Scott Morris [mailto:swm@emanon.com]
Sent: Saturday, December 31, 2005 8:57 PM
To: 'Tim'; security@groupstudy.com; ccielab@groupstudy.com
Subject: RE: Hoping for Hashing Help
MD5 and SHA both take a sampling of the message in question. That's why the
message length doesn't matter much. Although, since sampling isn't a static
thing that's why MD5 has been shown to have "collision weakness" where more
than one input could have the same hash output even though it's not able to
be reverse engineered.
MD5 gathers its samples based on 512-bit blocks of data from the input
message. The one-pass algorithm that takes those samples basically figures
out how much data there is in the message and does it's magic from there!
SHA-1 does a different type of sampling arrangement (different advanced
math) and comes out with a 160-bit fingerprint. MD5 is 128-bit fingerprint.
Both are susceptible to a collision-type attack, but SHA-1 is less affected
by it (or it's more difficult to do), although SHA-2 has already improved
upon the strength.
Simple terms? Magic. :) I'm not sure there's much of an easier way to
look at it. You take a chunk of data of variable size, you apply one
algorithm to pull bits of information out, then you take another algorithm
to munge that information and come up with a fixed-length output string.
Any change in the message (since we go down to bit-level) can make a big
change in the output.
For some examples, wiki search for MD5 and SHA.
It's math way above my brain cell structure, so I just am content to know
the concept and accept the magic. :) I turn the key in my car and the
engine starts. I don't particularly care why or how, it just does, and I'm
cool with that! (grin)
Cheers,
Scott
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Tim
Sent: Saturday, December 31, 2005 3:40 PM
To: security@groupstudy.com; ccielab@groupstudy.com
Subject: Hoping for Hashing Help
Hi guys,
Happy New Year.
I hope everybody a year from now can look back upon 2006 and say, "This was
truly a great year."
Anyway, I've been trying to figure out something that's been bothering me
about hashing. According to lots of sources, a hash function can take as
input an arbitrarily long message and generate a fixed length output which
seems to be 128 bits in length for most Hashing algorithms such as SHA-1,
MD5, etc. commonly used today.
My question is this:
Can someone explain in simple terms how that's done without using advanced
mathematics?
When you think about it, this is very cool. No matter what length the
original message is, the hash is 128 bits. If the message is 100 bytes, the
hash is 128 bits. But, if the message is 1,000,000 bytes, the hash is still
128 bits. How is that possible? I'm hoping someone can illustrate how
that's done with a simple example.
Ok, everyone have a good time this evening.
TIA, Tim
This archive was generated by hypermail 2.1.4 : Wed Feb 01 2006 - 07:45:47 GMT-3