Module 4

MD5 (Message Digest Algorithm 5)

A cryptographic hash algorithm called MD5 (Message

Digest Method 5) can be used to create a 128-bit digest
from a string of arbitrary length. Hexadecimal numbers
of 32 digits are used to represent the digests.

• The method was created in 1991 by Ronald Rivest to

enable the verification of digital signatures. It was
included into several different frameworks in order to
improve security measures.
Because of hashing function suggestions, the digest size is always 128 bits, and even
minor changes to the input string result in considerably different digests. This is
needed to reduce the chance of hash collisions, or the formation of similar hashes.
Padding Bits:
Verify that the input string's size is 64 bits less than a multiple of 512 when you receive
it. In order to round off the extra characters, you must add zeroes after adding one (1)
to the bits of padding.

Padding Length:
The final string needs to include a few more characters in order to be a multiple of 512.
To achieve this, take the original input's length and represent it as 64 bits. Once the
two are combined, the last string is prepared for hashing.
Initialize MD Buffer

• The entire string is divided into several blocks, each

having 512 bits. In addition, four buffers (A, B, C, and
D) need to be initialised. Each of these 32-bit buffers is
initialised as follows −
 Process Each Block

A 512-bit block can be further divided into 16 sub-blocks, each

containing 32 bits. Each of the four operation rounds makes
use of all of the buffers, constant array values, and
sub-blocks.
You can refer to this constant array as T[1] ⇒ T[64].
• The sub-blocks are identified by the notation M[0] ⇒ M[15].
SHA
SHA stands for secure hashing algorithm. Data and
certificates are hashed using SHA, a modified version of
MD5. A hashing algorithm compresses the input data into a
smaller, incomprehensible form using bitwise operations,
modular additions, and compression functions. You can be
asking if hashing can be hacked or decoded. Hashing is
one-way, meaning that once data is hashed, a brute force
attack is needed to break the resulting hash digest. This is
the primary difference between hashing and encryption.
• Check out the below image to find out how the SHA
algorithm works. Even in the event that a single character
changes in the message, SHA is intended to provide a
unique hash.
Hashing two similar but distinct messages, like "Heaven" and "heaven is different," is one example. All that differs,
however, is one small and one capital letter.

SHAs also help to identify any alterations made to the original message. A user can determine whether a single letter has
been altered by comparing the hash digests to the original ones, as they will differ significantly. The deterministic nature of
SHA is one of their key features. This means that any computer or user can reproduce the hash digest as long as they know
the hash algorithm that was used. One of the reasons that all SSL certificates on the Internet must have been hashed using
a SHA-2 method is because of the finite nature of SHAs.
 Types of SHA
SHA stands for Secure Hash Algorithm family of
cryptographic hash functions. Every SHA type is distinct and
comes in a range of numbers. Here are a few common types
• SHA-1 − This was the first version of SHA. It is currently
believed to be less secure as a result of these weaknesses.
• SHA-2 − This includes several hash algorithms with different
digest sizes, such as SHA-224, SHA-256, SHA-384, and
SHA-512. They are more secure than SHA-1 and are
frequently used.
• SHA-3 − The newest member of the SHA family, it was
created using different methods than SHA-1 and SHA-2.
They include SHA3-224, SHA3-256, SHA3-384, and
SHA3-512.
Features of SHA
• Data Integrity − SHA generates a fixed-size hash result (often 160, 256, 384, or
512 bits) from input data of arbitrary size. Since a small change in the input
data would produce a significantly different hash value, it can be used to verify
the integrity of data. If the hash values match, this suggests that the input data
has not been altered.
• Uniqueness − SHA tries to produce unique hash results for a range of inputs.
While it is still theoretically possible, modern SHA versions (such SHA-256 and
SHA-3) are meant to reduce the probability of two different inputs producing
the same hash value (a collision).
• Cryptographic Security − Pre-image, second pre-image, collision, and other
types of cryptographic attacks are all things that SHA is meant to handle. This
means that it will be challenging for an attacker to determine two distinct inputs
that result in the same hash value or to reverse-engineer the original input data
from its hash value.
• Efficiency − SHA algorithms can produce hash values quickly, even for huge
amounts of input data, because they are computationally efficient.
• Wide Use − SHA is widely used in a number of security applications, like
blockchain technology, digital signatures, message authentication codes
(MACs), and password hashing.
SHA Working
1) Padding
2) Appending
3) Divide the input into 512 bits
4) Initialize 5 chaining variables
5) Process Blocks
Copy corresponding variables A=a, B=b, C=c, D=d and E=e
Divide into no of 512 blocks
Four rounds( each round=20 steps)
Digital Signatures
A digital signature is a mathematical technique used to validate the authenticity and integrity of a digital document, message or
software. It's the digital equivalent of a handwritten signature or stamped seal, but it offers far more inherent security. A
digital signature is intended to solve the problem of tampering and impersonation in digital communications.
Digital signatures can provide evidence of origin, identity and status of electronic documents, transactions and digital messages.
Signers can also use them to acknowledge informed consent. In many countries, including the U.S., digital signatures
are considered legally binding in the same way as traditional handwritten document signatures.
How do digital signatures work?
Digital signatures are based on public key cryptography, also known as asymmetric cryptography. Using a public key algorithm,
such as Rivest-Shamir-Adleman, or RSA, two keys are generated, creating a mathematically linked pair of keys: one private
and one public.
Digital signatures work through public key cryptography's two mutually authenticating cryptographic keys. For encryption and
decryption, the person who creates the digital signature uses a private key to encrypt signature-related data. The only way
to decrypt that data is with the signer's public key.
If the recipient can't open the document with the signer's public key, that indicates there's a problem with the document or the
signature. This is how digital signatures are authenticated.
Digital signing certificates, also called public key certificates, are used to verify that the public key belongs to the issuer. Signing
certificates are sent with the public key; they contain information about the certificate's owner, expiration dates and the
digital signature of the certificate's issuer. Trusted third-party certificate authorities (CAs), such as DocuSign or GlobalSign,
issue signing certificates.
• Digital signature technology requires all parties to trust that the person who creates the signature image has kept the private
key secret. If someone else has access to the private signing key, that party could create fraudulent digital signatures in the
name of the private key holder.
Types of Authentication Protocols

Authentication protocols are methods or procedures used

to verify the identity of a user, device, or system. These
protocols are designed to ensure that only authorized
users or devices are able to access protected resources,
and to prevent unauthorized access or tampering.
Types of Authentication:
Password-based authentication: This is the most common form
of authentication, in which a user provides a username and
password to log in to a system or access a protected resource.
Password-based authentication is relatively simple to implement,
but can be vulnerable to attacks such as dictionary attacks or
brute force attacks.
• Two-factor authentication: This is a type of authentication that requires a
user to provide two forms of identification, such as a password and a
security token, to log in to a system or access a protected resource.
Two-factor authentication can provide an additional layer of security, but
may be inconvenient for users and may require additional infrastructure to
support.

• Biometric authentication: This is a type of authentication that uses

physical or behavioral characteristics,such as a fingerprint or facial
recognition, to verify the identity of a [Link] authentication can be
highly secure, but may be expensive to implement and may not work well
for all users (e.g., due to differences in physical characteristics).
Digital Signature Standard (DSS)

• The Digital Signature Standard (DSS) is a federal standard in the

United States that defines algorithms used to create and verify digital
signatures. It specifies the use of the Digital Signature Algorithm
(DSA) for generating digital signatures and ensuring the integrity and
authenticity of electronic documents. DSS is defined by the National
Institute of Standards and Technology (NIST) and is used to secure
electronic transactions, communications, and documents.
Why Is DSS Important?

• Standardization: DSS provides a standardized method for creating and

verifying digital signatures, ensuring consistency and security in electronic
transactions.
• Security: DSS specifies secure cryptographic algorithms like DSA,
ensuring that digital signatures are resistant to tampering and forgery.
• Compliance: DSS is a requirement for many federal agencies and
organizations, ensuring that digital signatures meet regulatory standards for
security and authenticity.
• Interoperability: DSS ensures that digital signatures can be used and
verified across different systems and platforms, promoting secure
communication and collaboration.
Key Components of DSS

• Digital Signature Algorithm (DSA): DSS specifies the use of DSA for
creating and verifying digital signatures, ensuring secure and reliable
document signing.
• Public and Private Keys: A key pair is used to create and verify digital
signatures, ensuring that only the authorized signer can sign the document.
• Hash Function: DSS uses cryptographic hash functions to create a unique
digital fingerprint of the document, ensuring data integrity.
• Verification Process: The recipient verifies the digital signature using the
signer’s public key, ensuring that the signature is legitimate and the
document is untampered.
Proof of digital signature
• Authenticity:

The signature confirms that the document was indeed created and signed by the person whose certificate it is.

• Integrity:

The signature ensures that the document has not been tampered with or altered after it was signed.

• Non-repudiation:

The signature provides proof to all parties involved that the signer is the one who signed the document, preventing
them from later denying their signature.
Verification Process:
1. Check the Certificate Status:

A validator verifies the digital ID certificate status of the signature.

2. Trust Validation:

The validator checks if the signer's certificate or its parent certificates are trusted by the trusted authority.

3. Document Integrity:

The validator ensures that the document's content is not altered or corrupted since it was signed, according to Dropbox Sign.

4. Audit Trail:

Some e-signature platforms maintain an audit trail that documents the signing process, providing additional evidence of the signature's validity.
5. Public/Private Keys and Digital Certificates:

The process relies on the use of public and private key pairs and digital certificates, where the private
key is used to sign the document, and the public key is used to verify the signature.

6. Review Signer's Intent:

Verifying the signer's intention confirms that the person who signed the document intended to be bound
by its terms.

7. Use Trusted E-Signature Platforms:

Using trusted platforms that adhere to legal and technical standards adds another layer of assurance.