Poodlebleed.com

Cryptographic Hashing Study - MD5, SHA, CRC32

Last Edited: 29th Aug 2022 by David Norman

To understand what a hash is, we need to understand how it works and the various types that are available. A hash is a string of characters created by a cryptographic algorithm. Its length is fixed by the type of hash selected, regardless of the input data (Hoffman, 2018). A hash acts like a fingerprint: computed over the data, it produces a unique set of characters that identifies that data. Various types of hash are available, depending on what you are using them for. The most common types are MD5, SHA-256 and CRC32. These can be used in a variety of ways, but they are mainly used for integrity checks of files.

There is no true way to identify a hash by looking at it. The length of the hash can help you pick from a small list of candidate algorithms, but there are variants of the same type with the same fixed length, so from a technical point of view there is no way to identify a hash. MD5 is a widely used algorithm for checking that data is identical to the raw data; it would not be used in an advanced encryption application. MD5 hashes are 128-bit in length and are normally shown as a 32-bit hexadecimal value. There are different variants of message digest (MD): the most common one used today is MD5, but there are also MD4 and MD2 (Fisher, 2019). MD5 is fast and small, but because of its speed it is weak against brute-force attacks: so many attempts can be performed in a second that the attacker has a good chance of getting the password. Secure Hashing Algorithm, or SHA, was developed by the National Security Agency (NSA); the most commonly used today are SHA-1 and SHA-256, which use 160- and 256-bit hashes. SHA-256 has become the standard for digital signatures because the larger bit length provides security through more possible combinations. It is also important to note that a larger bit length does not by itself mean a more secure hash; the construction of the algorithm plays a major part in the security (Lynch, 2018). Finally, cyclic redundancy check (CRC) is mainly used for error detection and will detect changes to the data. CRC32 is also used for file integrity checks, but not for any type of security-related data (Tyson, 2001).

There are tools online that can help identify what type of hash is being used by checking the different types of checksum. Most of these tools will give you an idea of what type of algorithm is being used, but may not tell you which variant of that type. On Windows and Linux, you can enter commands to compute a file's hash and compare it with the published checksum to verify the file. On Windows, you can open the command prompt and use a built-in function called CertUtil that will display the hash. Linux has a similar built-in feature: typing, for example, md5sum (filename) prints the hash, which you can then verify. A good tool for Windows is MD5 & SHA Checksum Utility, which, as its name suggests, allows you to generate hashes as well as verify them (Fox, 2017). Another helpful tool for Windows is HashTab, which integrates into Windows File Explorer so that you can calculate various hash values without running a separate application (Implbits, 2017). For Linux, GtkHash is an application that allows the user to calculate checksums, which can then be used to verify the integrity of a file, and to generate hashes. There are numerous free websites for verifying a file's checksum and generating hashes. A few sites, such as Onlinemd5.com, Md5file.com, and toolsley.com, provide these abilities in the browser, and your information is not stored on their servers. Online tools should only be used for validation; if you are calculating a hash for a password, do it locally, just as a precaution.
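
The following Python example is added here and is not part of the original study. It takes a published checksum that comes without an algorithm name, narrows the candidates by digest length as described in the two paragraphs above, and hashes the file with each candidate until one matches. The candidate table and the function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
import string
import tempfile
import zlib

# Hex-digest length -> algorithms producing it (hashlib/zlib names, not exhaustive).
# Several algorithms share a length, so length only narrows the candidates.
CANDIDATES = {
    8: ["crc32"],
    32: ["md5"],
    40: ["sha1"],
    64: ["sha256", "sha3_256", "blake2s"],
}


def file_digest(path, algorithm, chunk_size=65536):
    """Hash a file in chunks so large files never sit fully in memory."""
    crc = 0
    digest = None if algorithm == "crc32" else hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            if digest is None:
                crc = zlib.crc32(chunk, crc)  # running CRC, an error check only
            else:
                digest.update(chunk)
    return format(crc, "08x") if digest is None else digest.hexdigest()


def verify_checksum(path, published):
    """Return the algorithm whose digest of `path` matches `published`, else None."""
    published = published.strip().lower()
    if not published or set(published) - set(string.hexdigits):
        return None  # not a hexadecimal checksum at all
    for algorithm in CANDIDATES.get(len(published), []):
        if hmac.compare_digest(file_digest(path, algorithm), published):
            return algorithm
    return None


if __name__ == "__main__":
    data = b"constructed sample download\n"  # constructed sample input
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(data)
    print(verify_checksum(tmp.name, hashlib.sha256(data).hexdigest()))
    os.unlink(tmp.name)
```

A 64-character checksum is tried against three algorithms here, which is the ambiguity the text describes: the length alone cannot say which one produced it.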

Elliptic Curve Digital Signature Algorithm (ECDSA) and Rivest Shamir Adleman (RSA) are public-key cryptographic algorithms that provide authentication. The key difference between the two is the key size. With RSA, a common public key can be 2048 bits, providing a security level of 112 bits. ECDSA would require only a 224-bit public key to provide the same 112-bit security. As a result, ECDSA requires less bandwidth for SSL/TLS, making it more efficient than RSA (Naziridis, 2018). Speed is also an advantage that ECDSA has over RSA for key generation and signature generation, while RSA does better at signature verification. The tables below show the key lengths and the time required for the various sizes.

Key Generation

Key Length (bits)       Time (secs)
ECC       RSA           ECC       RSA
163       1024          0.08      0.16
233       2240          0.18      7.47
283       3072          0.27      9.80
409       7680          0.64      133.90
571       15360         1.44      679.06

Table I

Signature Generation

Key Length (bits)       Time (secs)
ECC       RSA           ECC       RSA
163       1024          0.15      0.01
233       2240          0.34      0.15
283       3072          0.59      0.21
409       7680          1.18      1.53
571       15360         3.07      9.20

Table II

Signature Verification

Key Length (bits)       Time (secs)
ECC       RSA           ECC       RSA
163       1024          0.23      0.01
233       2240          0.51      0.01
283       3072          0.86      0.01
409       7680          1.80      0.01
571       15360         4.53      0.03

Table III

RSA is used by eCommerce sites to help secure communications between them and web browsers. RSA is used with SSL to create public and private keys, which allow secure connections on both sides of the communication (Bhowmick, 2017). ECDSA is known for its use in Bitcoin, whose security relies on the algorithm. Bitcoin uses a digital signature based on the elliptic curve to prove Bitcoin ownership and to sign transactions. A signature is generated by signing the hash of the transaction. The signature and the key then prove that the transaction was created by the owner of the Bitcoin address (Wang, 2014).
