UNIT 2

PUBLIC KEY CRYPTOGRAPHY AND HASH ALGORITHMS

2.1 PRINCIPLES OF PUBLIC KEY CRYPTOSYSTEMS

Public key cryptography provides a secure way to exchange information and authenticate users by using
pairs of keys. The public key is used for encryption and signature verification, while the private key is
used for decryption and signing. When the two parties communicate with each other to transfer the
intelligible or sensible message, referred to as plaintext, is converted into apparently random unreadable
for security purposes referred to as ciphertext.
What is Public Key Cryptography?
Public key cryptography is a method of secure communication that uses a pair of keys, a public key,
which anyone can use to encrypt messages or verify signatures, and a private key, which is kept secret
and used to decrypt messages or sign documents. This system ensures that only the intended recipient
can read an encrypted message and that a signed message truly comes from the claimed sender. Public
key cryptography is essential for secure internet communications, allowing for confidential messaging,
authentication of identities, and verification of data integrity.
Cryptographic Key
A cryptographic key is a piece of information used by cryptographic algorithms to encrypt or decrypt
data, authenticate identities, or generate digital signatures. It serves as a parameter to control
cryptographic operations, ensuring the security and privacy of digital communications and transactions.
How Does TLS/SSL Use Public Key Cryptography?
TLS/SSL uses public key cryptography to keep our internet connections secure. It does this in two main
ways:
Encryption: When you visit a secure website (HTTPS), TLS/SSL helps encrypt data exchanged between
your browser and the website’s server. It uses a combination of public and private keys to create a secure
connection. Your browser and the server agree on a secret key for this session, which keeps your data
safe from eavesdroppers.
Authentication: TLS/SSL verifies the identity of websites. When you connect to a site, it presents a
digital certificate signed by a trusted authority. Your browser checks this certificate to ensure you’re
really connecting to the right site and not a fake one trying to steal your information.
By using public key cryptography, TLS/SSL protects our privacy online and ensures that the websites
we visit are genuine and trustworthy.

Encryption
The process of changing the plaintext into the ciphertext is referred to as encryption.
The encryption process consists of an algorithm and a key. The key is a value independent of the
plaintext.
The security of conventional encryption depends on the major two factors
 1. The Encryption algorithm
2. Secrecy of the key
Once the ciphertext is produced, it may be transmitted. The Encryption algorithm will produce a
different output depending on the specific key being used at the time. Changing the key changes the
output of the algorithm.
Once the ciphertext is produced, it may be transmitted. Upon reception, the ciphertext can be
transformed back to the original plaintext by using a decryption algorithm and the same key that was
used for encryption.

Decryption
The process of changing the ciphertext to the plaintext that process is known as decryption.
Public Key Encryption: Asymmetric is a form of Cryptosystem in which encryption and decryption
are performed using different keys-Public key (known to everyone) and Private key (Secret key). This
is known as Public Key Encryption.

Characteristics of Public Encryption key

• Public key Encryption is important because it is infeasible to determine the decryption key
given only the knowledge of the cryptographic algorithm and encryption key.
• Either of the two keys (Public and Private key) can be used for encryption with another key
used for decryption.
• Due to Public key cryptosystem, public keys can be freely shared, allowing users an easy and
convenient method for encrypting content and verifying digital signatures, and private keys can
be kept secret, ensuring only the owners of the private keys can decrypt content and create
digital signatures.
• The most widely used public-key cryptosystem is RSA (Rivest–Shamir–Adleman). The
difficulty of finding the prime factors of a composite number is the backbone of RSA.
Components of Public Key Encryption

• Plain Text: This is the message which is readable or understandable. This message is given to
the Encryption algorithm as an input.
• Cipher Text: The cipher text is produced as an output of Encryption algorithm. We cannot
simply understand this message.
• Encryption Algorithm: The encryption algorithm is used to convert plain text into cipher text.
• Decryption Algorithm: It accepts the cipher text as input and the matching key (Private Key or
Public key) and produces the original plain text
• Public and Private Key: One key either Private key (Secret key) or Public Key (known to
everyone) is used for encryption and other is used for decryption

2.2 THE RSA ALGORITHM

RSA algorithm is an asymmetric cryptography algorithm. Asymmetric actually means that it works on
two different keys i.e. Public Key and Private Key. As the name describes that the Public Key is given
to everyone and the Private key is kept private.
The idea of RSA is based on the fact that it is difficult to factorize a large integer. The public key consists
of two numbers where one number is a multiplication of two large prime numbers. And private key is
also derived from the same two prime numbers. So if somebody can factorize the large number, the
private key is compromised. Therefore encryption strength totally lies on the key size and if we double
or triple the key size, the strength of encryption increases exponentially. RSA keys can be typically
1024 or 2048 bits long, but experts believe that 1024-bit keys could be broken in the near future. But
till now it seems to be an infeasible task.
Mechanism behind the RSA algorithm:
Generating Public Key:
Select two prime no's. Suppose P = 53 and Q = 59.
Now First part of the Public key : n = P*Q = 3127.
We also need a small exponent say e : But e Must be An integer.
Not be a factor of Φ(n).
1 < e < Φ(n) [Φ(n) is discussed below], Let us now consider it to be equal to 3.
Our Public Key is made of n and e

Generating Private Key:

We need to calculate Φ(n) :
Such that Φ(n) = (P-1)(Q-1)
so, Φ(n) = 3016
Now calculate Private Key, d : d = (k*Φ(n) + 1) / e for some integer k
For k = 2, value of d is 2011.
Now we are ready with our – Public Key ( n = 3127 and e = 3) and Private Key(d = 2011) Now we
will encrypt “HI”:
Convert letters to numbers : H = 8 and I = 9
Thus Encrypted Data c = (89e)mod n
Thus our Encrypted Data comes out to be 1394
Now we will decrypt 1394 :
Decrypted Data = (cd)mod n
Thus our Encrypted Data comes out to be 89
8 = H and I = 9 i.e. "HI".
Advantages:

• Security: RSA algorithm is considered to be very secure and is widely used for secure data
transmission.
• Public-key cryptography: RSA algorithm is a public-key cryptography algorithm, which means
that it uses two different keys for encryption and decryption. The public key is used to encrypt
the data, while the private key is used to decrypt the data.
• Key exchange: RSA algorithm can be used for secure key exchange, which means that two
parties can exchange a secret key without actually sending the key over the network.
• Digital signatures: RSA algorithm can be used for digital signatures, which means that a sender
can sign a message using their private key, and the receiver can verify the signature using the
sender’s public key.
• Speed: The RSA technique is suited for usage in real-time applications since it is quite quick
and effective.
• Widely used: Online banking, e-commerce, and secure communications are just a few fields
and applications where the RSA algorithm is extensively developed.
Disadvantages:

• Slow processing speed: RSA algorithm is slower than other encryption algorithms, especially
when dealing with large amounts of data.
• Large key size: RSA algorithm requires large key sizes to be secure, which means that it
requires more computational resources and storage space.
• Vulnerability to side-channel attacks: RSA algorithm is vulnerable to side-channel attacks,
which means an attacker can use information leaked through side channels such as power
consumption, electromagnetic radiation, and timing analysis to extract the private key.
• Limited use in some applications: RSA algorithm is not suitable for some applications, such
as those that require constant encryption and decryption of large amounts of data, due to its
slow processing speed.
• Complexity: The RSA algorithm is a sophisticated mathematical technique that some
individuals may find challenging to comprehend and use.
• Key Management: The secure administration of the private key is necessary for the RSA
algorithm, although in some cases this can be difficult.
• Vulnerability to Quantum Computing: Quantum computers have the ability to attack the RSA
algorithm, potentially decrypting the data.
2.3 KEY MANAGEMENT
Key management refers to the processes and procedures involved in generating, storing, distributing,
and managing cryptographic keys used in cryptographic algorithms to protect sensitive data. It
ensures that keys used to protect sensitive data are kept safe from unauthorized access or loss. Good
key management helps maintain the security of encrypted information and is important for protecting
digital assets from cyber threats. Effective key management is crucial for ensuring the confidentiality,
integrity, and availability of encrypted information by securing cryptographic keys from unauthorized
access, loss, or compromise.
In symmetric key cryptography, a single shared key does both jobs, so the same key must be kept
secret between users. In asymmetric key cryptography, there are two keys: a public key that anyone
can use to encrypt messages or verify signatures, and a private key that only the owner uses to decrypt
messages or create signatures.
There are two aspects of Key Management:
1. Distribution of public keys.
2. Use of public-key encryption to distribute secrets.
Distribution of Public Key
The public key can be distributed in four ways:
1. Public announcement
2. Publicly available directory
3. Public-key authority
4. Public-key certificates.

1. Public Announcement: Here the public key is broadcast to everyone. The major
weakness of this method is a forgery. Anyone can create a key claiming to be someone

else and broadcast it. Until forgery is discovered can masquerade as claimed user.
2. Publicly Available Directory: In this type, the public key is stored in a public directory.
Directories are trusted here, with properties like Participant Registration, access and allow to
modify values at any time, contains entries like {name, public-key}. Directories can be
accessed electronically still vulnerable to forgery or tampering.
3. Public Key Authority: It is similar to the directory but, improves security by tightening
control over the distribution of keys from the directory. It requires users to know the public
key for the directory. Whenever the keys are needed, real-time access to the directory is made
by the user to obtain any desired public key securely.
4. Public Certification: This time authority provides a certificate (which binds an identity
to the public key) to allow key exchange without real-time access to the public authority each
time. The certificate is accompanied by some other info such as period of validity, rights of
use, etc. All of this content is signed by the private key of the certificate authority and it can
be verified by anyone possessing the authority’s public key. First sender and receiver both
request CA for a certificate which contains a public key and other information and then they
can exchange these certificates and can start communication.

Key Management Lifecycle

The key management lifecycle outlines the stages through which cryptographic keys are generated,
used, and eventually retired or destroyed. Proper management of these keys is critical to ensuring the
security of cryptographic systems. Here’s an overview of each stage:
1. Key Generation:
• Creation: Keys are created using secure algorithms to ensure randomness and strength.
• Initialization: Keys are initialized with specific parameters required for their intended
use (e.g., length, algorithm).
2. Key Distribution:
• Sharing: For symmetric keys, secure methods must be used to share the key between
parties.
• Publication: For asymmetric keys, the public key is shared openly, while the private
key remains confidential.
3. Key Storage:
• Protection: Keys must be stored securely, typically in hardware security modules
(HSMs) or encrypted key stores, to prevent unauthorized access.
• Access Control: Only authorized users or systems should be able to access keys.
4. Key Usage:
• Application: Keys are used for their intended cryptographic functions, such
as encrypting/decrypting data or signing/verifying messages.
• Monitoring: Usage is monitored to detect any unusual or unauthorized activities.
5. Key Rotation:
• Updating: Keys are periodically updated to reduce the risk of exposure or compromise.
• Re-Keying: New keys are generated and distributed, replacing old ones while ensuring
continuity of service.
6. Key Revocation:
• Invalidation: Keys that are no longer secure or needed are invalidated.
• Revocation Notices: For public keys, revocation certificates or notices are distributed
to inform others that the key should no longer be trusted.
7. Key Archival:
• Storage: Old keys are securely archived for future reference or compliance purposes.
• Access Restrictions: Archived keys are kept in a secure location with restricted access.
8. Key Destruction:
• Erasure: When keys are no longer needed, they are securely destroyed to prevent any
possibility of recovery.
• Verification: The destruction process is verified to ensure that no copies remain.

2.4 DIFFIE HELMAN KEY EXCHANGE

The Diffie-Hellman key exchange (also known as exponential key exchange) is a method for securely
exchanging cryptographic keys over an insecure channel. It is a fundamental building block of many
secure communication protocols, including SSL/TLS and SSH.

The Diffie-Hellman key exchange works by allowing two parties (Alice and Bob) to agree on a shared
secret key over an insecure channel, without any other party being able to intercept the key or learn
anything about it. The key exchange involves the following steps −

• Alice and Bob agree on two large prime numbers, p and g, and a public key exchange algorithm.
• Alice chooses a secret integer, a, and computes A = g^a mod p. She sends A to Bob.
• Bob chooses a secret integer, b, and computes B = g^b mod p. He sends B to Alice.
• Alice computes s = B^a mod p. Bob computes s = A^b mod p.
• Alice and Bob now both have shared secret keys, which they can use to establish a secure
communication channel.
Where is Diffie-Hellman Key Exchange Used?
• Secure communication protocols − The Diffie-Hellman key exchange is used in many secure
communication protocols, such as SSL/TLS and SSH, to establish a secure channel between
two parties. It allows the parties to agree on a shared secret key that can be used to encrypt and
decrypt messages exchanged over the channel.
• Virtual private networks (VPNs) − The Diffie-Hellman key exchange is often used
in VPNs to establish a secure connection between a client and a server. It allows the client and
server to agree on a shared secret key that can be used to encrypt and decrypt traffic exchanged
over the VPN connection.
• Secure file transfer protocols − The Diffie-Hellman key exchange is used in many secure file
transfer protocols,such as SFTP and FTPS, to establish a secure channel for transferring files
between two parties.It allows the parties to agree on a shared secret key that can be used to
encrypt and decrypt the transferred files.
• Other applications − The Diffie-Hellman key exchange is also used in many other applications
where secure communication is required, such as secure email, secure web browsing, and
secure voice over IP (VoIP). It is a flexible and widely supported technique for establishing
secure communication channels.

The key exchange involves the following steps −

• Alice and Bob agree on two large prime numbers, p and g, and a public key exchange algorithm.
• Alice chooses a secret integer, a, and computes A = g^a mod p. She sends A to Bob.
• Bob chooses a secret integer, b, and computes B = g^b mod p. He sends B to Alice.
• Alice computes s = B^a mod p. Bob computes s = A^b mod p.
• Alice and Bob now both have the shared secret key s, which they can use to establish a secure
communication channel.
Vulnerabilities of Diffie-Hellman Key Exchange
• Man-in-the-middle attacks − If an attacker is able to intercept and modify the messages
exchanged between Alice and Bob during the key exchange, they may be able to impersonate
Alice or Bob and establish a secure channel with the other party. This can be prevented by using
certificate-based authentication and/or by verifying the authenticity of the messages using
message authentication codes (MACs).
• Small subgroup attacks − If the prime number p used in the key exchange has a small
subgroup, an attacker may be able to use this to their advantage to recover the shared secret
key. To prevent this, it is important to use a large prime number with no known small
subgroups.
• Exponent attacks − If the secret exponents (a and b) used in the key exchange are not chosen
randomly, an attacker may be able to use this to their advantage to recover the shared secret
 key. To prevent this, it is important to use a strong random number generator to generate the
secret exponents.
2.5 HASH FUNCTIONS

A hash function in cryptography is like a mathematical function that takes various inputs, like messages
or data, and transforms them into fixed-length strings of characters. Means the input to the hash function
is of any length but output is always of fixed length. This is like compressing a large balloon into a
compact ball.

The importance of this process lies in its generation of a unique "fingerprint" for each input. Any minor
alteration in the input results in a substantially different fingerprint, a quality known as "collision
resistance."

Hash functions play a crucial role in various security applications, including password storage (hash
values instead of passwords), digital signatures, and data integrity checks. Hash values, or message
digests, are values that a hash function returns.

• Hash functions are mathematical operations that "map" or change a given collection of data
into a fixed-length bit string that is referred to as the "hash value."
• Hash functions have a variety of complexity and difficulty levels and are used in cryptography.
• Cryptocurrency, password security, and communication security all use hash functions.
Properties of hash functions

Pre-Image Resistance

• According to this feature, reversing a hash function should be computationally difficult.

• In other words, if a hash function h generates a hash value z, it should be difficult to identify
an input value x that hashes to z.
• This feature defends against an attacker attempting to locate the input with just the hash value.

Second Pre-Image Resistance

• This property says that given an input and its hash, it should be difficult to find another input
with the same hash.
• In other words, it should be challenging to find another input value y such that h(y) equals h(x)
if a hash function h for an input x returns the hash value h(x).
• This feature of the hash function protects against an attacker who wants to replace a new value
for the original input value and hash, but only holds the input value and its hash.

Collision Resistance

• This feature says that it should be difficult to identify two different inputs of any length that
produce the same hash. This characteristic is also known as a collision-free hash function.
• In other words, for a hash function h, it is difficult to identify two distinct inputs x and y such
that h(x)=h(y).
• A hash function cannot be free of collisions because it is a compression function with a set hash
length. The collision-free condition simply indicates that these collisions should be difficult to
locate.
• This characteristic makes it very hard for an attacker to identify two input values that have the
same hash.
• Furthermore, a hash function is second pre-image resistant if it is collision-resistant.

Efficiency of Operation

• Computation of h(x) for any hash function h given input x can be an easy process.
• Hash functions are computationally considerably faster than symmetric encryption.

Fixed Output Size

Hashing generates an output of a specific length, regardless of the input size, and helps to make an
output of the same size from different input sizes.

Deterministic

For a given input, the hash function consistently produces the same output, like a recipe that always
yields the same dish when followed precisely.

Fast Computation

Hashing operations occur rapidly, even for large amounts of data sets.
Design of Hashing Algorithms

Hashing essentially involves a mathematical function that takes two data blocks of fixed size and
converts them into a hash code. The function is a key part of the hashing algorithm. The length of these
data blocks differ according to the algorithm used. Usually, they range from 128 bits to 512 bits.

Hashing algorithms use a sequence of rounds, similar to a block cipher, to process a message. In each
round, a fixed-size input is used, which usually combines the current message block and the result from
the previous round.

This process continues for multiple rounds until the entire message is hashed.

Due to the interconnected nature of hashing, where the output of one operation affects the input of the
next, even a minor change (a single bit difference) in the original message can drastically alter the final
hash value.

This phenomenon is known as the avalanche effect. Additionally, it's crucial to distinguish between a
hash function and a hashing algorithm. The hash function itself takes two fixed-length binary blocks of
data and generates a hash code.

A hashing algorithm, on the other hand, establishes how the message is divided into blocks and how
the outcomes of multiple hash operations are combined.
Popular Hash Functions

Hash functions play an important role in computing, providing versatile capabilities like: Quick retrieval
of data, Secure protection of information (cryptography), Ensuring data remains unaltered (integrity
verification). Some commonly used hash functions are −

1.Message Digest (MD)

For a number of years, MD5 was the most popular and often used hash function.

• The hash functions MD2, MD4, MD5, and MD6 are members of the MD family. It was adopted
as the RFC 1321, Internet Standard. It is a 128-bit hash function.
• In the software industry, MD5 digests are frequently used to ensure the integrity of transferred
files. To enable users to compare the checksum of the downloaded file with the pre-computed
MD5 checksum, file servers frequently provide this feature.
• In 2004, collisions were found in MD5. It was claimed that an analytical attack using a
computer cluster was successful in under one hour. Since MD5 was compromised by this
collision attack, using it is no longer recommended.

2.Secure Hash Function (SHA)

The four SHA algorithms which make up the SHA family are SHA-0, SHA-1, SHA-2, and SHA-3.
Despite coming from the same family, the structure of it differs.

• The National Institute of Standards and Technology (NIST) released the first iteration of the
160-bit hash algorithm, known as SHA-0, in 1993. It did not gain much popularity and had few
drawbacks. SHA-1 was created later in 1995 to address perceived flaws in SHA-0.
• SHA-1 is the most widely used of the existing SHA hash functions. It is used in most of the
applications and protocols including Secure Socket Layer (SSL) security.
• In 2005, a technique was discovered for SHA-1 collision detection that can be used in a realistic
time frame. So it is doubtful on SHA-1's long-term usability.
• SHA-224, SHA-256, SHA-384, and SHA-512 are the other four SHA variants in the SHA-2
family, which vary based on the number of bits in their hash value. The SHA-2 hash function
has not yet been the target of any effective attacks
• Though SHA-2 is a strong hash function. Though significantly different, its basic design still
follows the design of SHA-1. NIST thus demanded the creation of new competitive hash
function designs.
• The Keccak algorithm was selected by the NIST in October 2012 to replace the SHA-3
standard. Keccak has several advantages, including effective operation and strong attack
resistance.

3. CityHash

CityHash is another non-cryptographic hash function that is designed for fast hashing of large amounts
of data. It is optimized for modern processors and offers good performance on both 32-bit and 64-bit
architectures.

4.BLAKE2

BLAKE2 is a fast and secure hash function that improves upon SHA-3. It is widely used in applications
like cryptocurrency mining that need fast hashing. There are two types of BLAKE2 −

• BLAKE2b − Best for 64-bit computers, it produces hash values up to 512 bits long.
 • BLAKE2s − Best for smaller computers (8-32 bits), it produces hash values up to 256 bits long.

5.CRC (Cyclic Redundancy Check)

CRC (Cyclic Redundancy Check) is a technique used to detect errors in data transfer. It involves adding
a special value called a checksum to the end of a message. This checksum is calculated based on the
message's content and is included during transmission.

When the data is received, the recipient recalculates the checksum using the same method. If the new
checksum matches the original one, it's likely that the message was transmitted without errors. While
CRC is effective for error detection, it's not a security measure. It is primarily used to ensure the integrity
of data during transmission, not to protect it from unauthorized access or modification.

2.6 HASH ALGORITHMS(MD5, SECURE HASH ALGORITHM)

MD5
MD5 is a cryptographic hash function algorithm that takes the message as input of any length and
changes it into a fixed-length message of 16 bytes. MD5 algorithm stands for the message-digest
algorithm. MD5 was developed as an improvement of MD4, with advanced security purposes. The
output of MD5 (Digest size) is always 128 bits. MD5 was developed in 1991 by Ronald Rivest.
Use Of MD5 Algorithm:
• It is used for file authentication.
• In a web application, it is used for security purposes. e.g. Secure password of users etc.
• Using this algorithm, We can store our password in 128 bits format.

Working of the MD5 Algorithm:

1. Append Padding Bits:

In the first step, we add padding bits in the original message in such a way that the total length
of the message is 64 bits less than the exact multiple of 512.
Suppose we are given a message of 1000 bits. Now we have to add padding bits to the original
message. Here we will add 472 padding bits to the original message. After adding the
padding bits the size of the original message/output of the first step will be 1472 i.e. 64 bits
less than an exact multiple of 512 (i.e. 512*3 = 1536).

Length(original message + padding bits) = 512 * i – 64

where i = 1,2,3 . . .

2. Append Length Bits:

In this step, we add the length bit in the output of the first step in such a way that the total
number of the bits is the perfect multiple of 512. Simply, here we add the 64-bit as a length
bit in the output of the first step. i.e. output of first step = 512 * n – 64
length bits = 64.
After adding both we will get 512 * n i.e. the exact multiple of 512.
3. Initialize MD buffer:
Here, we use the 4 buffers i.e. J, K, L, and M. The size of each buffer is 32 bits.
 - J = 0x67425301
- K = 0xEDFCBA45
- L = 0x98CBADFE
- M = 0x13DCE476
4. Process Each 512-bit Block:
This is the most important step of the MD5 algorithm. Here, a total of 64 operations are
performed in 4 rounds. In the 1st round, 16 operations will be performed, 2nd round 16 operations
will be performed, 3rd round 16 operations will be performed, and in the 4th round, 16 operations
will be performed. We apply a different function on each round i.e. for the 1st round we apply the F
function, for the 2nd G function, 3rd for the H function, and 4th for the I function. We perform OR,
AND, XOR, and NOT (basically these are logic gates) for calculating functions. We use 3 buffers for
each function i.e. K, L, M.
- F(K,L,M) = (K AND L) OR (NOT K AND M)
- G(K,L,M) = (K AND L) OR (L AND NOT M)
- H(K,L,M) = K XOR L XOR M
- I(K,L,M) = L XOR (K OR NOT M)
After applying the function now we perform an operation on each block. For performing operations
we need
• add modulo 232
• M[i] – 32 bit message.
• K[i] – 32-bit constant.
• <<<n – Left shift by n bits.
Now take input as initialize MD buffer i.e. J, K, L, M. Output of K will be fed in L, L will be fed
into M, and M will be fed into J. After doing this now we perform some operations to find the output
for J.
• In the first step, Outputs of K, L, and M are taken and then the function F is applied to
them. We will add modulo 2 32 bits for the output of this with J.
• In the second step, we add the M[i] bit message with the output of the first step.
• Then add 32 bits constant i.e. K[i] to the output of the second step.
• At last, we do left shift operation by n (can be any value of n) and addition modulo by
232.
After all steps, the result of J will be fed into K. Now same steps will be used for all functions G, H,
and I. After performing all 64 operations we will get our message digest.
Output:
After all, rounds have been performed, the buffer J, K, L, and M contains the MD5 output starting
with the lower bit J and ending with Higher bits M.

Advantages of MD5 Algorithm:

• MD5 is faster and simple to understand.

• MD5 algorithm generates a strong password in 16 bytes format.
All developers like web developers etc use the MD5 algorithm to
secure the password of users.
 • To integrate the MD5 algorithm, relatively low memory is
necessary.
• It is very easy and faster to generate a digest message of the
original message.

Disadvantages of MD5 Algorithm:

• MD5 generates the same hash function for different inputs.

• MD5 provides poor security over SHA1.
• MD5 has been considered an insecure algorithm. So now we are
using SHA256 instead of MD5
• MD5 is neither a symmetric nor asymmetric algorithm.

Secure Hash Algorithm 1

SHA-1 or Secure Hash Algorithm 1 is a cryptographic algorithm which takes an input and produces
a 160-bit (20-byte) hash value. This hash value is known as a message digest. This message digest is
usually then rendered as a hexadecimal number which is 40 digits long.

It is a U.S. Federal Information Processing Standard and was designed by the United States National
Security Agency. SHA-1 is now considered insecure since 2005. Major tech giants browsers like
Microsoft, Google, Apple and Mozilla have stopped accepting SHA-1 SSL certificates by 2017.

To calculate cryptographic hashing value in Java, MessageDigest Class is used, under the
package java.security. MessageDigest Class provides following cryptographic hash function to find
hash value of a text as follows:
• MD2
• MD5
• SHA-1
• SHA-224
• SHA-256
• SHA-384
• SHA-512
These algorithms are initialized in static method called getInstance(). After selecting the algorithm
the message digest value is calculated and the results are returned as a byte array. BigInteger class is
used, to convert the resultant byte array into its signum representation.

Applications:
• Cryptography: The main application of SHA1 is to protect communications from
being intercepted by outside parties. From a given data input, SHA1 generates a fixed-
size, singular, and irreversible hash value. The integrity of the data can then be confirmed
by comparing this hash value to the original hash value. This makes it possible to confirm
that the data was not changed or tampered with in any manner during transmission.
• Data Integrity: In many industries, such as finance, healthcare, and government, data
integrity is a major concern. Data integrity in a system is checked using the SHA1
algorithm. A fingerprint of the original data is created using a hash value produced by
the SHA1 algorithm. If the data changes in any way, the hash value will also change,
indicating that the data has been tampered with.
• Digital Signatures: Digital signatures are used to confirm the legitimacy of digital
documents and messages. The digital document or communication is hashed using the
SHA1 technique, and its hash value is subsequently encrypted with the sender’s private
key. Using the sender’s public key to decode the message, the recipient can then compare
the hash value to the original value.
• Digital Forensics: In digital forensics, a hash of a file containing digital evidence can
be produced using the SHA1 algorithm. To ensure that the evidence hasn’t been altered
with during the investigation, utilize this hash value as proof. It gives proof that the file
has not been altered if the hash values of the original file and the evidence file match.
• Password Storage: SHA1 can be used to save passwords. A hash of the password is
generated using SHA1 when a user creates a password. The password itself is then
substituted in a database for the hash value. The user’s password is hashed with SHA1
when they attempt to log in, and the resulting hash is compared to a previously generated
hash.
• Software Updates: The integrity of software updates can be guaranteed using SHA1.
The SHA1 hash of the update file can be made public on the software vendor’s website
when an update is made available. By comparing the hash of the downloaded file with
the published hash, users can download the update and ensure its integrity.