I talked about message digests in minor detail on my previous post. Message digest hashing algorithms can be used for digital signature when a massive message must be hashed in a secure manner. A digital signature is something that’s created when the digest of the message is encrypted using the private key of a sender.
MD4, also known as message digest 4 is made by Ronald L. Rivest. MD4 is a one way has function that produces 128 bit hash message digest value. MD4 is fast and is optimized for 32 bit machines, a typical user machines. The message gets padded so that its total length in bits plus 448 is divisible by 512. Next, a 64 bit binary representation of the original length of the message is added to the message. The message is then processed in 512 bit blocks and then each block is processed in three rounds. Over time, though, MD4 has been shown to be easily broken. MD4 has been compromised since 1995 and isn’t used anymore.
MD5 is a slower but more complex version of MD4. It is usually used for integrity checking, for example, downloaded files usually includes an MD5 checksum that the user can compare to the checksum of the downloaded file. Vulnerabilities, such as not being collision resistant (built other certificates that appeared to be legit and issued by rapidSSL), and has been replaced with secure hash algorithm (SHA) has functions are considered better alternatives to MD5.
SHA was developed by the NSA for use with digital signature standards and is considered a more secure than MD5. This is a US federal information processing standard. SHA produces 160 bit hash value that is run through the digital signature algorithm (DSA), which adds the signature for the message.
How this works is the sender encrypts the hash value with the private key that he owns, then the hash value is attached to the message. The receiver then decrypt the message with the sender’s public key and compare the two has values. If the values are identical, the message is good to go, because it means it hasn’t been altered by anyone else and provides integrity. Other variants of SHA is SHA-1, SHA-2, SHA-224, SHA-256, and more, which represents larger bit values. SHA is used in several popular security applications such as TLS (transport layer security), SSL (security sockets layer), and IPsec (internet protocol security). SHA 1 has been found as vulnerable in 2005, SHA 2 has retired, but SHA 3 was accepted as the winner of 2012 NIST, while SHA 2 was in no imminent threat of broken, they decided to raise the standard.
RIPEMD is an acronym that has an acronym. RIPEMD stands for RACE integrity primitives evaluation message digest and RACE inside of that stands for RACE stands for research and development in advanced communications technologies in Europe. What RACE do is help with integrated broadband communications in Europe and centralize cryptographic standards and management.
RIPEMD is a hash function message digest. It was originally based on MD4 and comes in different bit versions. Original RIPEMD had collision issues and was effectively replaced with RIPEMD 160, which as no known collision issues. The bit versions don’t necessarily increase security, they technically only reduce the chance of hash value collisions. This isn’t as popular as SHA or MD5.
HMAC is used as an algorithm for message authentication purposes where the authentication is applied using hash functions and a secret key to create an authentication code value. Its used to authenticate a message and provide integrity. Strength of HMAC depends on the size and type it uses, for example, SHA and the key size. A dumb way to look at this is bob putting a secret code on a message he sent to sally. Only sally and bob knows the code, which proves that bob is the sender. Now using this with one of the hashing method, you can now verify both integrity and authenticity of the message that you receive. This is used in network encryption protocols like IPsec and TLS.