Hashing algorithms with key?!?!?

I know that a hashing algorithm is a function that receive an any-length input and return a fixed-length output (e.g.: hashing(input)=digest). Alright? But I read this description

:

"Hashing algorithms, like encryption algorithms, take cleartext data and, using an encryption key, transform the cleartext data into something different and unreadable by an attacker. But what comes out of the hashing process is not ciphertext as with encryption algorithms, but rather a fixed-length hash or digest. The implication with ciphertext is that it will be deciphered. With a hash, the whole purpose is that it essentially cannot be deciphered as it is extremely infeasible to do so. The two most popular hashing algorithms are Message Digest 5 (MD5) and Secure Hashing Algorithm 1 (SHA-1). These will be discussed separately in their own sections shortly."

(source: CCNA Security, ExamCram, Stewart)

But this is wrong!!! The HMAC algorithms use a key, alright, but don't MD5 and SHA!!

Find more posts tagged with

Comments

Bl8ckr0uter

roghan wrote: »

I know that a hashing algorithm is a function that receive an any-length input and return a fixed-length output (e.g.: hashing(input)=digest). Alright? But I read this description :

"Hashing algorithms, like encryption algorithms, take cleartext data and, using an encryption key, transform the cleartext data into something different and unreadable by an attacker. But what comes out of the hashing process is not ciphertext as with encryption algorithms, but rather a fixed-length hash or digest. The implication with ciphertext is that it will be deciphered. With a hash, the whole purpose is that it essentially cannot be deciphered as it is extremely infeasible to do so. The two most popular hashing algorithms are Message Digest 5 (MD5) and Secure Hashing Algorithm 1 (SHA-1). These will be discussed separately in their own sections shortly."

(source: CCNA Security, ExamCram, Stewart)

But this is wrong!!! The HMAC algorithms use a key, alright, but don't MD5 and SHA!!

You are right, HMAC do use keys. However MD5 and SHA use a hash. input(hash)=Digest(128-bit for MD5 and 160 for SHA-1).

roghan

knwminus wrote: »

You are right, HMAC do use keys. However MD5 and SHA use a hash. input(hash)=Digest(128-bit for MD5 and 160 for SHA-1).

Then, the description of book is incorrect! In fact, in section "Exam Prep Questions" there is this question:

Which one of the following statements best compares MD5 and SHA-1 as hashing algorithms?
A. MD5 theoretically has higher security than SHA-1; however, SHA-1 remains more commonly used.
B. MD5 is not recommended for new cryptosystems because SHA-1 is preferred for its theoretically higher security.
C. SHA-1 is less resistant to a brute force attack than MD5, and its 32-bit longer buffer makes it faster than MD5.
D. SHA-1 and MD5’s security is not based on encryption keys.
E. None of the above.

and I answered D... but the correct answer is B

! Why???

Bl8ckr0uter

roghan wrote: »

Then, the description of book is incorrect! In fact, in section "Exam Prep Questions" there is this question:

Which one of the following statements best compares MD5 and SHA-1 as hashing algorithms?
A. MD5 theoretically has higher security than SHA-1; however, SHA-1 remains more commonly used.
B. MD5 is not recommended for new cryptosystems because SHA-1 is preferred for its theoretically higher security.
C. SHA-1 is less resistant to a brute force attack than MD5, and its 32-bit longer buffer makes it faster than MD5.
D. SHA-1 and MD5’s security is not based on encryption keys.
E. None of the above.

and I answered D... but the correct answer is B ! Why???

Because MD5 is weaker than SHA-1 partly due to SHA-1 having a bigger digest.
SHA hash functions - Wikipedia, the free encyclopedia

D isn't right because there are versions of those hashes that use encryption keys, Keyed MD5 and Key Sha-1

luke_bibby

I think this is one of those 'choose the best answer' scenarios.

B is correct because there are plenty of known practical attacks against MD5 whereas SHA1 is considered more secure

I believe D is correct because SHA1 and HMAC-SHA1 - as an example - are two different things:

A HMAC uses a hashing algorithm and a symmetric key to produce an message authentication code to prove the authenticity and integrity of a message
A plain old hashing algorithm takes some message and produces a fixed-length digest of the message.

So the security of hashing algorithms (ie MD5, SHA1, SHA256, etc) is not based on any keys at all

roghan

luke_bibby wrote: »

I think this is one of those 'choose the best answer' scenarios.

B is correct because there are plenty of known practical attacks against MD5 whereas SHA1 is considered more secure

I believe D is correct because SHA1 and HMAC-SHA1 - as an example - are two different things:
A HMAC uses a hashing algorithm and a symmetric key to produce an message authentication code to prove the authenticity and integrity of a message

A plain old hashing algorithm takes some message and produces a fixed-length digest of the message.

So the security of hashing algorithms (ie MD5, SHA1, SHA256, etc) is not based on any keys at all

Ok, thanks! I understand... B is the best answer, even if B is correct. "You always think as Cisco thinks", easy

, not?!