Message Digests

Message Digest:

• A message digest is a sequence of bits produced for an input string, using an one-way function. 

• The input string could be a phrase or a number sequence from the mind of a person, from a text written on a paper, from an operating system file or from a database table.

• As the name suggests, it is of very short form, a digest, regardless of the size of the input string. As of this writing, commonly used message digests vary from 128 bits to 512 bits and more. For example, a message as succinct as "Hello World!" and a file content running to several Giga Bytes, both will produce the message digests of same given length. For example, 512 bits using a specific algorithm such as SHA-512.

• Thus, the process of hashing produces a hash(message digest) which is cryptic enough to the extent that from the hash, the input that created the hash can not be derived. Hashing does not involve any key and the produced message digest is not meant for decryption.

• When a message is sent over the network from one place to another, the message is verified for its authenticity by calculating the hash again using the chosen hashing algorithm. If the hashes match, the message is not altered en-route and considered authentic.

• There are various algorithms that produce message digests: MD5, SHA, BLAKE and others.

Essential properties of a Message Digest function:

• Preimage resistance: Preimage resistance can be read as the “infeasibility to retrieve the original message,i.e,the preimage, from a message digest”.

• Second preimage resistance: Second preimage is the term used to refer to a message(m2) for which a hash function will produce the same hash as for a given first message(m1). Second preimage resistance is the “infeasibility to find a second message(m2), that corresponds to a message digest produced for a given message(m1)”. Of course, the precondition is m1 should not be equal to m2.

• Collision-resistance: Collision-resistance means any two input messages should not produce the same message digest.

• Avalanche Effect: When a single character changes in the input message, the corresponding message digest drastically changes.

The MDx Message Digest Functions:

• The MDx group of message digest functions, the MD2, MD4 and MD5 were developed by Prof.Ronald Rivest as an improvement over each of its current version.

• All of them were popular and were used in SSL certificates as well.

• However, all of them are now obsolete to be used as a secure hash and hence not recommended for using in any non-trivial application.

SHA Messsage Digest Functions:

• SHA stands for Secure Hash Algorithms, which are a set of hash functions that include SHA-0, SHA-1, SHA-2 and SHA-3.

• SHA-0 and SHA-1 are no longer recommended for using in any secure applications.

• SHA-2 consists of SHA-256 and SHA-512 algorithms. SHA-256 works on 32 bit sized words and emits a message digest of 256 bits length. The SHA-512 hash function works on 64 bit sized words and outputs a message digest with a length of 512 bits.

• The applications of SHA-256 hash function encompasses

  • Password Hashes

  • The TLS protocol

  • Creation of Merkle Root in the Bitcoin blocks and creation of Bitcoin addresses

Message Digest functions supported by the hashlib module of Python:

• As of this writing, Python supports message digests based on the MDx,SSH and BLAKE algorithms. The following Python program lists the message digests supported by the hashlib library of Python.

Example 1 - List the hash functions in hashlib:

Output:

Example 2 - Generate MDx, SHA and BLAKE hashes using Python:

Output: