Hashing Algorithms – CompTIA Security+ SY0-501 – 6.2

There are many methods and implementations of cryptographic hashing. In this video, you’ll learn about some of the most popular hashing algorithms.

<< Previous Video: Asymmetric Algorithms Next: Key Stretching Algorithms >>

One type of hash that’s been around for a while but you’ll still see it in use today is MD5, or the MD5 Message Digest Algorithm. And it was created by Ronald Rivest. It was published in April of 1992. And it was designed to replace MD4 with this newer version called MD5.

But in 1996, some vulnerabilities were found with collisions with MD5. This is an example of a collision with MD5, you can see there are some minor differences between these two. Everything in red is different. Although it is a very similar set of text that will be hashed, but is supposed to provide a different hash for both of those. And unfortunately there’s a collision because the MD5 hash is identical.

In 2008, researchers were able to build a certificate that appeared to be from a certificate authority, but in fact was not a legitimate CA certificate. But if you checked it with MD5, it appeared that the certificate was legitimate. So because of these vulnerabilities with MD5, these researchers were able to create certificates that appeared to be issued by rapid SSL. This is just one of the reasons why you’ll no longer see MD5 used for things like web server certificates.

In it’s place, you’ll probably see SHA, or the Secure Hash Algorithm. This is a hashing algorithm created by the National Security Agency of the United States. And it’s part of the Federal Information Processing Standard or FIPS.

The first variant of SHA was SHA-1. It had a 160-bit digest that was created for the hash. But unfortunately in 2005 there were collisions found with SHA-1.

SHA-1 was updated to a new variant called SHA-2. SHA-2 was able to create digests up to 512 bits long, making it much more difficult to have a collision. And now we generally see SHA-2 used instead of SHA-1.

A very fast form of hashing is HMAC. This is hash-based message authentication code, where you combine a hash with a secret key. Commonly you’ll see this referred to as HMAC-MD5 or HMAC-SHA1.

One of the benefits of HMAC is it not only provides the data integrity that you would get with a hash, but it also provides authenticity. It is able to do this without using the slower asymmetric encryption, which is why you commonly see HMAC used for network protocols. If you’re using IPsec or TLS, you’re probably using some form of HMAC.

Another hash method commonly used for networks is RIPE MD. This is the Race Integrity Primitives Evaluation Message Digest. RACE is the research and development in advanced communication and technologies in Europe.

When Europe was creating a very large integrated broadband network, they needed some form of message digest. So they created RIPEMD. Collisions were found with RIPEMD in 2004. So they replaced it with RIPEMD-160, which does not have any known collision problems. Although this was based upon MD4, it effectively performs similar to SHA-1. You’ll see versions of RIPEMD called RIPEMD-128, RIPEMD-256 and RIPEMD-320.