Those are all the encryption algorithms that we're going to talk about. There are others. There's a type of encryption referred to as elliptic curve cryptography. We're going to stop there with the PGP, AES, and RSA. Hash functions, what are those all about? So, a hash function maps a message of arbitrary length into a fixed number of bits, producing a hash value. Sometimes it's known as a message digest or sometimes it's just called the digest. "Good", in quotes, cryptographic hash functions have five properties. They're deterministic: the same input produces the same output every single time. It's quick to compute. It's computationally inexpensive to take the message and produce the digest. It is impractical to determine a message from the hash value. Notice I didn't say impossible. It's very difficult computationally, it takes a lot of compute power to take a hash value and run the hash algorithm backwards to try to produce the original message. This is why they're cool. This is why they're good. This is why we use them. It gives rise to this notion of being a one-way function. So, you take this message, you feed it into a hash function, you get this digest out. Very hard to go the other direction. Computationally expensive. Four, a small change in the input results in a large change in the output. I made the same comment about the AES algorithm: on average, if you take 16 bytes of data and feed it into the AES algorithm and look at the ciphertext, and then you flip one bit of that 16 bytes, feed it into the AES algorithm and compare the two ciphertexts, approximately 50 percent of the bits flip in the second ciphertext. Five, it's also impractical to find two messages that map to the same hash value. Hash functions can be used to check the integrity of data transmission. So, this is one of their primary uses. They can also be used to store passwords.
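To make those properties concrete, here is an added example (not from the lecture or its slides) that runs SHA-256 from Python's standard library over a constructed message and its one-bit-flipped twin: the digest is a fixed 256 bits whatever the input length, the same input always gives the same digest, and flipping a single input bit changes roughly half of the output bits. The message text and the helper names are assumptions made for the demo.

```python
import hashlib


def digest_hex(message: bytes, algorithm: str = "sha256") -> str:
    """Fixed-length digest of an arbitrary-length message, as a hex string."""
    return hashlib.new(algorithm, message).hexdigest()


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with exactly one bit flipped (bit 0 = low bit of byte 0)."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Hamming distance between two equal-length hex digests."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def avalanche_demo(message: bytes, algorithm: str = "sha256") -> dict:
    """Check determinism, fixed output size and the avalanche effect for one message."""
    original = digest_hex(message, algorithm)
    tweaked = digest_hex(flip_bit(message, 0), algorithm)
    return {
        "digest_bits": len(original) * 4,                       # 4 bits per hex character
        "deterministic": original == digest_hex(message, algorithm),
        "bits_changed": differing_bits(original, tweaked),       # ~half of digest_bits expected
    }


if __name__ == "__main__":
    short = b"Bob -> Alice: the meeting is at 10"   # constructed sample message
    long = short * 1000                             # same message, 1000x longer
    for m in (short, long):
        r = avalanche_demo(m)
        print(f"{len(m):>6}-byte message -> {r['digest_bits']}-bit digest; "
              f"flipping one input bit changed {r['bits_changed']} digest bits")
```

The exact number of changed bits varies per message, but for a good hash it sits near 128 of 256; a hash for which a one-bit change moved only a few output bits would leak structure about the input.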
So, in this little cartoon example, imagine there's a website somewhere and you have a username and this is the character string you chose for your password. So, previously, when you set up your account, this password was run through a hashing algorithm and it produced f1324578, which is stored in this password table. So, this is a list of digests of the users' passwords for all the users. The username indexes into the password table. So, you enter your username and you enter your password, the system uses your username as an index into this table, pulls out the hashed value of the password you set up when you created your account, then takes the password you just typed into the website, hashes it, and compares them. If they're the same, then you're allowed access. If they're not the same, then you get rejected. Also just be aware that there's a family of hash functions as per FIPS 180-4. FIPS is a United States federal information processing specification, or I should look that up first. I think that's what it stands for, Federal Information Processing Specification 180-4. Later in this set of slide decks, probably we'll get to it next week, we'll go look at some of those FIPS publications. There's quite a few of them out there. These hash functions that are listed in the specification are well studied and we have not spotted a problem. We cryptographic "good" guys have not spotted a problem with them yet. So, if you're looking for a "good" cryptographic hash function, use one of the algorithms in that FIPS specification. Remember I said security is never ever 100 percent. It's only so good. We believe these things to be secure until someone figures out a way to prove that it's not secure. Are there any weaknesses with this scheme? Can be. There's a type of attack known as a dictionary attack.
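The password table just described, as an added example that is not the lecture's own code: the first pair of functions builds and checks a table exactly as in the cartoon (username indexes a digest, the typed password is hashed and compared). The second pair is the form a practitioner would actually deploy and is what limits the dictionary attack the lecture describes next: a random per-user salt and a deliberately slow key-derivation function (PBKDF2-HMAC-SHA256, from the standard library) so that a stolen table cannot be matched against a precomputed list of digests and two users with the same password no longer show identical entries. The account names, passwords and iteration count are constructed values for the demo.

```python
import hashlib
import hmac
import os

# --- The lecture's scheme: username -> unsalted digest of the password -------------

def make_plain_table(accounts: dict) -> dict:
    """Build a table of SHA-256 digests keyed by username (as in the cartoon)."""
    return {user: hashlib.sha256(pw.encode()).hexdigest() for user, pw in accounts.items()}


def check_plain(table: dict, username: str, password: str) -> bool:
    """Hash the typed password and compare it with the stored digest."""
    stored = table.get(username)
    if stored is None:
        return False
    candidate = hashlib.sha256(password.encode()).hexdigest()
    return hmac.compare_digest(stored, candidate)   # constant-time comparison


# --- Hardened scheme: per-user salt + slow KDF ------------------------------------

ITERATIONS = 200_000   # constructed value; tune to your server's latency budget


def make_salted_table(accounts: dict) -> dict:
    """Store (salt, PBKDF2 output) per user; the salt is random and public."""
    table = {}
    for user, pw in accounts.items():
        salt = os.urandom(16)
        table[user] = (salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, ITERATIONS))
    return table


def check_salted(table: dict, username: str, password: str) -> bool:
    """Re-derive with the user's own salt and compare in constant time."""
    entry = table.get(username)
    if entry is None:
        return False
    salt, stored = entry
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(stored, candidate)


def has_duplicate_entries(table: dict) -> bool:
    """True if two users share an identical stored value, i.e. the table reveals shared passwords."""
    values = [v if isinstance(v, str) else v[1] for v in table.values()]
    return len(values) != len(set(values))


if __name__ == "__main__":
    # Constructed accounts; bob and carol happen to choose the same password.
    accounts = {"alice": "correct horse battery", "bob": "hunter2", "carol": "hunter2"}
    plain, salted = make_plain_table(accounts), make_salted_table(accounts)
    print("plain table: login ok =", check_plain(plain, "bob", "hunter2"),
          "| duplicate digests visible =", has_duplicate_entries(plain))
    print("salted table: login ok =", check_salted(salted, "bob", "hunter2"),
          "| duplicate digests visible =", has_duplicate_entries(salted))
```

Both tables accept the right password and reject the wrong one; the difference only matters once the table leaks, which is exactly the dictionary-attack scenario.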
The idea behind that dictionary attack is an adversary is able to steal this password table and has these values. Then what they do is they try and enter passwords that map to one of the values in the table. They can then later use that to log in to your account. So, how would they get this? They might have been granted physical access to the server room and were able to log on and stick a flash disk in the server or a flash drive in the server or whatever, and download it. Like Snowden, I'm not exactly sure how he got his data but he was able to pull a bunch of information off because he had physical access to sensitive equipment. Message authentication codes. These are like hashes, they're a little more than hashes. So, it accepts as an input a secret key, or key, ideally you want to keep your key secret, and a message of arbitrary length much like a hash function. It outputs a fixed size MAC value much like a hash function does. That's also known as a tag. A cryptographic hash function is one method to generate a MAC value. HMAC-SHA256, through a request for, I don't remember what the C stands for now, request for comment. Is that what it is? RFC 2104. This is well documented and you should be able to find that one out on the NIST site under the specifications. These, including that one, are often used for authentication and we'll see how that works here coming up in a few moments. So, here's an example of the usage of a MAC. So, here we are concerned about the authenticity. Did this message that Alice received really come from Bob? And integrity, has the message been modified in transit in any way, as it was travelling across this insecure channel? So, previously, Alice and Bob, maybe using Diffie-Hellman, have established a shared private key. So, Bob takes his message, combines it with the shared secret private key that they both have and runs it through the MAC algorithm to produce a tag. The tag is sent across the channel.
The message in this case, in this particular example, isn't encrypted. We're just worried about the authenticity and the integrity of the message. In this particular scenario, we don't care if Eve is listening in on the conversation or not. Alice and Bob don't care in this case. So, the message is sent across in clear text. So, what Alice does on her side is she takes the message along with the private key, generates a new tag, and compares it with the received tag. If they're the same, Alice can trust that the message came from Bob. If Eve got in the way here and modified this message, it would have changed the tag value. So, you can check the message's integrity and the message's authenticity. Open source downloads. I'm always a little nervous about downloading open source code because you don't ever really know for 100 percent unless you know friends of the developers or something. I've downloaded some over the years and many come with an MD5 checksum, an MD5 utility, in Linux land. So, you go to the website, there's some executable code or some source code you can download and compile on your machine, maybe it's in a zip file, and they'll provide an MD5 checksum. Now, assuming that the website hasn't been hacked and the source code has been contaminated and they updated the new MD5 checksum, assuming that hasn't happened, you can use the MD5 checksum to see if the zip file was modified as it was being downloaded. So, vulnerabilities have been discovered in MD5 that make it unsuitable for use as a cryptographic hash function, but it can still be used for data integrity. Has anyone messed with my zip file?
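The Alice/Bob exchange above and the download check, as one added example (not code from the lecture): Bob computes HMAC-SHA256 over the clear-text message with the shared key, Alice recomputes it and compares in constant time, and a version of the message that Eve edited in transit fails the check, as does a tag made with any other key. The last function is the separate open-source download scenario, comparing a file's digest against the published checksum (MD5 here because that is what the lecture describes; the same call works with `"sha256"`). The shared key, the message and the download bytes are constructed values.

```python
import hashlib
import hmac

# Constructed shared secret; in the lecture Alice and Bob agree on it beforehand,
# for example with Diffie-Hellman. Eve does not have it.
SHARED_KEY = b"constructed-shared-secret-from-key-agreement"


def make_tag(key: bytes, message: bytes) -> bytes:
    """Bob's side: tag = HMAC-SHA256(key, message), RFC 2104 construction."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_tag(key: bytes, message: bytes, received_tag: bytes) -> bool:
    """Alice's side: recompute the tag over what arrived and compare in constant time."""
    return hmac.compare_digest(make_tag(key, message), received_tag)


def channel_round_trip(message: bytes, eve_tampers: bool = False) -> bool:
    """Send message + tag in clear text; optionally let Eve edit the message en route."""
    tag = make_tag(SHARED_KEY, message)
    in_transit = message
    if eve_tampers:
        # Eve can read and alter the clear-text message but cannot recompute the tag.
        in_transit = message.replace(b"100", b"900")
    return verify_tag(SHARED_KEY, in_transit, tag)


def verify_download(data: bytes, published_hex: str, algorithm: str = "md5") -> bool:
    """Open-source download check: does the file match the checksum the site published?"""
    actual = hashlib.new(algorithm, data).hexdigest()
    return hmac.compare_digest(actual, published_hex.strip().lower())


if __name__ == "__main__":
    msg = b"Bob -> Alice: pay Carol 100 dollars"           # constructed message
    print("untouched message verifies:", channel_round_trip(msg))
    print("message edited by Eve verifies:", channel_round_trip(msg, eve_tampers=True))
    print("tag from a different key verifies:",
          verify_tag(SHARED_KEY, msg, make_tag(b"eve's guess", msg)))
    zip_bytes = b"PK\x03\x04 constructed stand-in for a downloaded zip file"
    published = hashlib.md5(zip_bytes).hexdigest()         # what the website would list
    print("download intact:", verify_download(zip_bytes, published))
    print("download altered:", verify_download(zip_bytes + b"\x00", published))
```

Note what the checksum does and does not cover: it detects a file changed on the way to you, but if the site itself was compromised and the listed checksum updated to match, the check passes. The MAC does not have that gap because the attacker lacks the key.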