RE: Hoping for Hashing Help

From: Christopher M. Heffner (cheffner@certified-labs.com)
Date: Mon Jan 02 2006 - 19:11:46 GMT-3

• Next message: Nadeem Zahid \(iszahid\): "IPv6/IPv4 address"
• Previous message: Brian Dennis: "RE: Booting XM Images on Non-XM 2600 Series Routers"
• Maybe in reply to: Tim: "RE: Hoping for Hashing Help"
• Next in thread: Scott Morris: "RE: Hoping for Hashing Help"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Tim,

If you really want to understanding HASHING and if your brain doesn't
hurt already then pickup the Applied Cryptography:Protocols, Algorithms,
and Source Code in C, 2nd edition by Bruce Schneier. Available in
hardback or softcopy (that should give you an idea of the depth of the
book since it is available in hard and soft copy).

http://www.bookpool.com/ss?qs=applied+cryptography

You will wish and understand when you finished reading this book why
Scott refers to it as "MAGIC".

Have fun.

Christopher M. Heffner, CCIE 8211, CCSI 98760
Strategic Network Solutions, Inc.
 
 
 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Tim
Sent: Sunday, January 01, 2006 8:32 AM
To: swm@emanon.com; security@groupstudy.com; ccielab@groupstudy.com
Subject: RE: Hoping for Hashing Help

Hey Scott,

First, let me wish you and your family the best possible 2006
imaginable.

And, if we do meet up sometime this year, ALL your drinks are on me.
How much can you drink?

Thanks for the reply on Hashing. I didn't know about that sampling
process and I still don't know exactly what munging is but I get the
idea.

Surprisingly, this cryptology topic has turned out to be much more
interesting than I expected.

What I still don't understand is why none of the people that write about
this Hashing stuff don't put this topic in context.

When you think about it, isn't hashing just a more sophisticated form of
parity checking which itself is a less sophisticated type of CRC (cyclic
redundancy check)?

Maybe once I fully understand all this stuff myself, I'll write a
pamphlet geared to normal people.

Thanks again, Tim

-----Original Message-----
From: Scott Morris [mailto:swm@emanon.com]
Sent: Saturday, December 31, 2005 8:57 PM
To: 'Tim'; security@groupstudy.com; ccielab@groupstudy.com
Subject: RE: Hoping for Hashing Help

MD5 and SHA both take a sampling of the message in question. That's why
the message length doesn't matter much. Although, since sampling isn't
a static thing that's why MD5 has been shown to have "collision
weakness" where more than one input could have the same hash output even
though it's not able to be reverse engineered.

MD5 gathers its samples based on 512-bit blocks of data from the input
message. The one-pass algorithm that takes those samples basically
figures out how much data there is in the message and does it's magic
from there!

SHA-1 does a different type of sampling arrangement (different advanced
math) and comes out with a 160-bit fingerprint. MD5 is 128-bit
fingerprint.
Both are susceptible to a collision-type attack, but SHA-1 is less
affected by it (or it's more difficult to do), although SHA-2 has
already improved upon the strength.

Simple terms? Magic. :) I'm not sure there's much of an easier way
to
look at it. You take a chunk of data of variable size, you apply one
algorithm to pull bits of information out, then you take another
algorithm to munge that information and come up with a fixed-length
output string.
Any change in the message (since we go down to bit-level) can make a big
change in the output.

For some examples, wiki search for MD5 and SHA.

It's math way above my brain cell structure, so I just am content to
know the concept and accept the magic. :) I turn the key in my car and
the engine starts. I don't particularly care why or how, it just does,
and I'm cool with that! (grin)

Cheers,

Scott

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Tim
Sent: Saturday, December 31, 2005 3:40 PM
To: security@groupstudy.com; ccielab@groupstudy.com
Subject: Hoping for Hashing Help

Hi guys,

Happy New Year.

I hope everybody a year from now can look back upon 2006 and say, "This
was truly a great year."

Anyway, I've been trying to figure out something that's been bothering
me about hashing. According to lots of sources, a hash function can
take as input an arbitrarily long message and generate a fixed length
output which seems to be 128 bits in length for most Hashing algorithms
such as SHA-1, MD5, etc. commonly used today.

My question is this:

Can someone explain in simple terms how that's done without using
advanced mathematics?

When you think about it, this is very cool. No matter what length the
original message is, the hash is 128 bits. If the message is 100 bytes,
the hash is 128 bits. But, if the message is 1,000,000 bytes, the hash
is still
128 bits. How is that possible? I'm hoping someone can illustrate how
that's done with a simple example.

Ok, everyone have a good time this evening.

TIA, Tim

• Next message: Nadeem Zahid \(iszahid\): "IPv6/IPv4 address"
• Previous message: Brian Dennis: "RE: Booting XM Images on Non-XM 2600 Series Routers"
• Maybe in reply to: Tim: "RE: Hoping for Hashing Help"
• Next in thread: Scott Morris: "RE: Hoping for Hashing Help"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Wed Feb 01 2006 - 07:45:47 GMT-3