Message Digests

A message digest function is an algorithm that converts variable messages to a unique fixed length value. The same input always produces the same output from any particular algorithm. For example, the MD5 algorithm reduces any message to a 128-bit digest.

Good message digest functions have the following properties:

• Every binary digit, bit, of input message data influences the content of the message digest. Otherwise, some of the input data would not be protected from modification.
• If any bit of the input message is changed then each bit of the message digest has a probably of being changed of 0.5. This makes it difficult to crack the algorithm.
• It should be infeasible to find two messages with the same message digest. Otherwise, an attacker could substitute a signed message or someone could repudiate a transaction by claiming to have signed a different message.

There are several security uses of message digests. For example:

• Virus checkers and other forms of security scanner produce digests of the files they are protecting. They periodically calculate the digest for each file. If the digest has changed since the last calculation then there may have been a security breach.
• Message authentication codes (MAC) are used to seal messages. Messages are transmitted along with their digest, or MAC. On receipt of the message, the receiver recalculates the MAC; if it agrees with the received MAC then the message has not been modified in transit. HMAC is an example MAC it can use one of several digest algorithms to generate a MAC.

Message digests cannot practically be used to reproduce the original message. However, in some cases the digest can be used to represent the original message. For example:

• Digital signatures are calculated using message digest rather than the original message. This has performance benefit, it requires far less processing power to produce a message digest and then sign it than sign the original large message.
• Authentication data such as passwords and challenge data can be transmitted as message digests.

  For example, the RADIUS protocol is used to authenticate users of networks. A RADIUS client collects authentication data, combines it with a shared secret, produces an MD5 digest and transmits it to a RADIUS server. The RADIUS server uses the same algorithm on its stored version of the authentication data. If the two digests match then authentication succeeds.

Several message digest functions have been standardised. The following are the most important:

• MDn
  Ronald Rivest has specified a number of message algorithms. All produce a 128-bit digest. Each specifies a stronger algorithm than the earlier specifications, designed to make use of the greater processing power available.
• SHA1
  This 160-bit digest algorithm was originally developed by the US government; it is now publicly available as an RFC.
• RIPEMD
  128-bit and 160-bit message digest algorithms developed from an EU project.

• R. Rivest (1992). The MD5 Message-Digest Algorithm. Network Working Group. RFC 1321.
• D. Eastlake, P. Jones (2001). US Secure Hash Algorithm 1. Network Working Group. RFC 3174.
• H. Krawczzyk, M. Bellare, R. Cannetti (1997). HMAC: Keyed Hashing for Message Authentication. Network Working Group. RFC2104.
• C. Rigney, S. Willens, A. Rubens, W.Simpson (2000). Remote Authentication Dial In User Service (RADIUS). Network Working Group. RFC 2865.
• H. Dobbertin, A. Bosselaers, B. Preneel (1996). RIPEMD-160 A Strengthened Version of RIPEMD.