Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

SSL encryption, SHA-1 and SHA-2

I am trying to implement SHA-2 encryption instead of SHA-1.

For this, I know that the number of bits between these two hash algorithms are different, and it confuses me.

How can this be achieved and at what parts do I need to make required changes?

I can use any open source library from Java, Python and any other major programming language.

like image 276
Hellnar Avatar asked May 13 '10 13:05

Hellnar


4 Answers

First of all, neither SHA-1 nor anything related to SHA-2 is an "encryption" algorithm. They are hash functions. In SSL, hash functions are used mostly for integrity, not confidentiality, through the HMAC construction. A hash function takes an input of arbitrary length, and produces an output with a fixed length, which is a kind of "digest" of the input data; the operation is meant not to be reversible.

A hash function is "public": there is no confidential data, no key; everybody can compute the hash function output on any given input. A "message authentication code" (MAC) is a kind of "keyed hash": a secret key (i.e. an arbitrary bunch of bits) is also input in the process, so that knowledge of the key is necessary to (re-)compute the MAC output. This is used for integrity checks (the sender uses the key to compute the MAC, the receiver uses the key to recompute the MAC; if the MAC matches, then the data is correct, because an attacker, not knowing the key, could not have altered the data and computed a valid MAC on the altered data).

HMAC is a construction which turns a hash function (such as SHA-1) into a MAC. TLS (that's the current, standard name of SSL) uses HMAC. The output of HMAC, when used with a given hash function h, has the same size than the output of h. That output can be conventionally truncated: HMAC/SHA-1 nominally produces a 160-bit output, but it is customary, in some protocols, to keep only the first 96 bits. Such truncation does not occur in SSL.

The FIPS 180-3 standard defines five hash functions, named SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512, with output lengths of 160, 224, 256, 384 and 512 bits respectively. The SHA-224, SHA-256, SHA-384 and SHA-512 functions are colloquially known as "SHA-2", so "SHA-2" is not one function, but a family of four hash functions.

The TLS specification defines cipher suites. A cipher suite is a set of cryptographic algorithms that the client and server agree upon during the initial phase of the connection (the "handshake"). Among the algorithms is the MAC to use to ensure data integrity. Some of the standard cipher suites specify that the MAC shall be "HMAC with SHA-256", i.e. something which uses one of the SHA-2 functions.

So the answer to your question is: "just configure the client and server to use one of the cipher suites with HMAC/SHA-256". If your SSL implementation does not support such cipher suites, then you will have to modify it, which will entail understanding quite thoroughly how SSL works; reading and understanding the complete RFC 5246 will be necessary.

like image 166
Thomas Pornin Avatar answered Oct 05 '22 06:10

Thomas Pornin


The hashlib module and MessageDigest support all SHA-2 algorithms.

like image 39
Ignacio Vazquez-Abrams Avatar answered Oct 05 '22 07:10

Ignacio Vazquez-Abrams


So far as I can see, everything you need to know to implement SHA256 in SSL is covered in RFC 5246.

But I suspect you're nowhere near understanding enough cryptography to do this... SHA 2 doesn't exist, you're looking for SHA256, SHA384 or SHA512, and it is not an encryption algorithm, but instead a cryptographic hash function.

So, what are you actually trying to do?

like image 27
Andrew McGregor Avatar answered Oct 05 '22 05:10

Andrew McGregor


I'm sure you will see more and more of this question. GoDaddy now has an option when submitting a certificate signing request, to specify whether you are going to be using SHA1 or SHA2.

This was an interesting read here though. I knew basically what it was asking and how to force my server to use a cypher that used one or the other. Not sure I knew exactly what the difference was or why it would be better to use one or the other though.

like image 25
wired420 Avatar answered Oct 05 '22 05:10

wired420