Detailed Sha-1 algorithm

In the information system, in addition to the security technology, the other important aspect is authentication technology, authentication technology is mainly used to prevent opponents to the system active attack, such as camouflage, intersymbol, etc., which is particularly important for information security in open environment, the purpose of authentication is two aspects, One is to verify that the sender of the information is legitimate, and the second is to verify the integrity of the information.

First, hash function and message integrity

A hash function is also called a hash function or hash function. The input is a variable length x returns a fixed length string, which is called the hash value of the input x, and the image is the digital fingerprint, because the hash function is a many-to-many function, so certain different inputs must be changed to the same output. This requires a given hash value, the inverse is more difficult, but the given input to calculate the hash value must be very easy, so also called the hash function is one-way hash function.

The hash function generally meets the following basic requirements:

1, input x can be arbitrary length

2. Fixed output data length

3, easy to calculate, given any x, easy to calculate the hash value of X

4, one-way function, that is to give a hash value, it is difficult to reverse the calculation of the original input of the X

5, uniqueness, that is difficult to find two different input will get the same hash output value

Hash is worth the length of the algorithm determined by the type, and the input message size, regardless of the general 128bit or 160bit, even if the difference of two messages is very small, such as only one or two bits, the hash function of the results will be very different, Using the same algorithm to hash a message can only get the only determined hash value, commonly used one-way hash algorithm has MDS, SHA-1 and so on.

A secure one-way iterative function is the core and foundation for constructing secure message hashes, with good one-way iterative function, we can construct iterative hash function with appropriate iterative method, and the theory of security design of hash function mainly has the following two points: one is the one-way of function, the other is the randomness of function innuendo.

Two, common hash function

Now commonly used several hash algorithms have MD-5, SHA, etc., we focus on the SHA algorithm to explain this kind of algorithm:

SHA (Security Hash algorithm) is the United States NIST and the NSA designed a standard hash algorithm, SHA for digital signature of the standard algorithm in the DSS, is also a very high security hash algorithm, the algorithm's input message length is less than 2^64bit, The result value of the final output is 160bit,sha compared with MD-4, the main increase of the extended transformation, the previous round of the output also added to the next round, which increases the avalanche effect, and because of its 160bit output, is more resistant to the exhaustive attack.

Three, the basic steps of Sha-1 algorithm realization

1. Convert message digest to bit string

Because in the SHA-1 algorithm, its input must be bit, so we first convert it to a bit string, we illustrate the problem with the "ABC" string, because ' a ' =97, ' B ' =98, ' c ' = 99, so convert it to a bit string:

01100001 01100010 01100011

2, the converted bit string for the complement operation

More Wonderful content: http://www.bianceng.cnhttp://www.bianceng.cn/Programming/sjjg/

Sha-1 algorithm standard stipulates that the message digest must be complementary operations, will be entered into the data to fill, so that the data length of 512 of the result of the remainder of 448, fill the highest bit of a 1, the rest of the bit 0, if the complement has been satisfied before the 512 modulo remainder is 448, but also to complement, Then fill in a 1. In short, the complement is at least one bit, up to 512, we still take "abc" as an example, the complement process is as follows:

Initial information Summary: 01100001 01100010 01100011

First step complement: 01100001 01100010 01100011 1

..... ......

Complement last: 01100001 01100010 01100011 10.......0 (423 0 in back)

Then we convert the information digest after the complement operation to 16, as follows:

61626380 00000000 00000000 00000000

00000000 00000000 00000000 00000000

00000000 00000000 00000000 00000000

00000000 00000000

3. Additional Length value

After the information digest appended with 64bit of information, used to indicate the length of the original information Digest, after this step, the information message is a multiple of 512bit. Typically, a 64-bit data is used to represent the length of the original message, and if the message length is less than 2^64, the first 32bit is 0, and after the additional length value operation, the "ABC" data message becomes the following form:

61626380 00000000 00000000 00000000

00000000 00000000 00000000 00000000

00000000 00000000 00000000 00000000

00000000 00000000 00000000 00000018

Because "abc" occupies 3 bytes, that is, 24 bits, the conversion to hexadecimal is 0x18.

4, initialize the cache

A 160-bit MD buffer is used to hold the results of the intermediate and final hash functions. It can be represented as a 5 32-bit register (H0,H1,H2,H3,H4). Initialized to:

H0 = 0x67452301

H1 = 0xefcdab89

H2 = 0x98badcfe

H3 = 0x10325476

H4 = 0xc3d2e1f0

If you are not unfamiliar to MD-5, you will find an important phenomenon, the first four and MD-5 the same, but the difference is stored as Big-endien format.

5. Calculation Message Digest

We have to do some basic work before we compute the message, which is the method, or definition, to be used in our calculation process.

(1), Loop left operator SN (x), X is a word, which is a variable of 32bit size, n is an integer and 0<=n<=32. Sn (X) = (x<<n) OR (x>>32-n)

(2), the constants to be used in the program, this series of constants, K (0), K (1) 、... K (79), are represented in hexadecimal as follows:

Kt = 0x5a827999 (0 <= T <= 19)

Kt = 0X6ED9EBA1 (<= t <= 39)

Kt = 0X8F1BBCDC (<= t <= 59)

Kt = 0xca62c1d6 (<= t <= 79)

(3), a series of functions to be used

Ft (b,c,d) (b&c) | ( (~b) &d)) (0 <= T <= 19)

Ft (b,c,d) (b^c^d) (<= T <= 39)

Ft (b,c,d) (b&c) | ( B&D) |  (c&d)) (<= T <= 59)

Ft (b,c,d) (b^c^d) (<= T <= 79)

(4), calculation

The calculation requires a buffer, consisting of 5 32-bit characters, and a 80 32-digit buffer. The first 5-word buffer is identified as a,b,c,d,e. A 80-word buffer is identified as W0, W1,..., W79

In addition, a temp buffer of one word is required.

In order to produce a message digest, the 16-word block of data defined in part 4th M1, M2,..., Mn

will be processed sequentially, processing each block of data mi contains 80 steps.

Now start processing M1, M2, ..., Mn. In order to process Mi, the following steps are required

(1). Divide Mi into 16 characters W0, W1, ..., W15, W0 is the leftmost word.

(2). For t = 16 to 79 Wt = S1 (Wt-3 xor Wt-8 xor Wt-14 xor Wt-16).

(3). Make A = H0, B = H1, C = H2, D = H3, E = H4.

(4) for t = 0 to 79, perform the following loop

TEMP = S5 (A) + ft (b,c,d) + E + Wt + Kt;

E = D; D = C; C = S30 (B); B = A; A = TEMP;

(5). H0 = H0 + A, H1 = H1 + B, H2 = H2 + C, H3 = H3 + D, H4 = H4 + E.

After all Mn is processed, the message digest is a 160-bit string that is identified in the following order

H0 H1 H2 H3 H4.

For sha256,sha384,sha512. You can also compute the message digest in a similar way. The algorithm for filling the message is exactly the same.

This article is from the "Late Evening" blog, please be sure to keep this source http://yiluohuanghun.blog.51cto.com/3407300/950450