First off: I know that AES is a block cipher and not a hashing function. However, I'm stuck with a microcontroller with very little RAM and flash memory, and AES-128 is already implemented on it and used for its intended purpose - encryption.
Unfortunately, I'll also have to implement a hashing function for file integrity checks on the same microcontroller. Given the limited resources, I was wondering if it would be possible to use the existing AES algorithm instead of MD5 for hashing. One possibility to do that would be:
In theory, I think this should work. If there is corrupted data anywhere in the file, it would lead to differences in all subsequent blocks.
Now, the big question is: How well would this method perform in terms of collisions? Or to put it differently: How well would the final "hash" be distributed?
A hash, like MD5 or SHA, is used to verify passwords because it's hard to invert, that is, to obtain the password from the hash string. An AES encryption, on the other hand, is invertible: the original message can be obtained if you know the key.
To improve the quality of data security systems on smartphones, in this research the integration of the AES 256-bit algorithm with MD5 hashing is proposed. The use of MD5 aims to increase the key strength of the encryption and decryption process of document files.
A cryptographic hash function algorithm works by comparing the file's original and current hash values. If a byte or even a piece of the file's data has been changed, the original and current hash values will be different, and therefore you will know whether it's the same file or not.
It sounds like you want to use AES-CMAC, an authentication algorithm based on AES.
Most emphatically, yes, you can make a hash function out of AES. In fact, a number of the submissions for the NIST SHA3 contest, which will decide the next US-government-approved hash function, do exactly that.
A traditional hash function is just a cascaded compression function, and it's easy to construct compression functions from block ciphers. (Some people have also gone the other way, and pulled the block cipher out of SHA-2 to use independently.)
You can, of course, build a proper hash function out of it, but if all you need is file integrity, and therefore don't need it to have preimage resistance, collision resistance, or all those other properties that cryptographic hashes have against malicious adversaries, then you can probably even just put your AES chip in whatever chaining mode it has, feed in the file as the message, and use the last block as the hash. (Just pick fixed values to use for the key and IV. Nothing-up-my-sleeve numbers that look random but aren't are probably good choices, like the first 128 bits after the decimal point in e and pi.)
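The two constructions discussed in the answers above, side by side, as an added example that is not part of any post on this page. It uses Go's standard `crypto/aes` as a stand-in for the microcontroller's AES-128 primitive. The "last CBC block with a fixed key and IV" checksum follows the answer above; the Davies-Meyer step (`H_i = AES_{m_i}(H_{i-1}) XOR H_{i-1}`, message block used as the AES key, then fed forward) is one textbook way to build a compression function from a block cipher, as the same answer mentions. The fixed key, the all-zero IV, the padding scheme (0x80, zeros, 64-bit bit length) and the sample "file" are all constructed for this example. `cbcLastStepInvertible` illustrates the caveat in the answer: because the key is fixed and public, the final CBC step can be run backwards, so the checksum only guards against accidental corruption, not a deliberate change.

```go
package main

import (
	"crypto/aes"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// Constructed fixed key and IV for this example (any public, fixed 16-byte values would do).
var fixedKey = []byte("ExampleFixedKey!") // exactly 16 bytes
var fixedIV = [16]byte{}                  // all-zero IV

// pad appends 0x80, zero bytes, and the message length in bits (big-endian, 64-bit),
// so messages of different lengths never pad to the same block sequence.
func pad(data []byte) []byte {
	bitLen := uint64(len(data)) * 8
	out := append([]byte{}, data...)
	out = append(out, 0x80)
	for len(out)%16 != 8 {
		out = append(out, 0)
	}
	var lenBytes [8]byte
	binary.BigEndian.PutUint64(lenBytes[:], bitLen)
	return append(out, lenBytes[:]...)
}

// blocks splits a padded buffer (a multiple of 16 bytes) into 16-byte AES blocks.
func blocks(p []byte) [][16]byte {
	out := make([][16]byte, 0, len(p)/16)
	for i := 0; i < len(p); i += 16 {
		var b [16]byte
		copy(b[:], p[i:i+16])
		out = append(out, b)
	}
	return out
}

func xor16(a, b [16]byte) [16]byte {
	var r [16]byte
	for i := range r {
		r[i] = a[i] ^ b[i]
	}
	return r
}

// cbcLastBlockChecksum runs AES-CBC with the fixed key and IV over the padded file
// and returns the final ciphertext block, as suggested in the answer above.
func cbcLastBlockChecksum(data []byte) [16]byte {
	block, err := aes.NewCipher(fixedKey)
	if err != nil {
		panic(err)
	}
	state := fixedIV
	for _, chunk := range blocks(pad(data)) {
		in := xor16(chunk, state)
		block.Encrypt(state[:], in[:])
	}
	return state
}

// daviesMeyerHash chains a Davies-Meyer compression function: each message block
// becomes the AES key, and the previous chaining value is fed forward with XOR.
// Note that AES re-expands the key for every block, which costs time on a small MCU.
func daviesMeyerHash(data []byte) [16]byte {
	h := fixedIV
	for _, m := range blocks(pad(data)) {
		block, err := aes.NewCipher(m[:])
		if err != nil {
			panic(err)
		}
		var e [16]byte
		block.Encrypt(e[:], h[:])
		h = xor16(e, h)
	}
	return h
}

// cbcLastStepInvertible returns true if decrypting the checksum with the fixed key
// recovers the last padded block: the CBC checksum is not a one-way function of its input.
func cbcLastStepInvertible(data []byte) bool {
	block, _ := aes.NewCipher(fixedKey)
	padded := blocks(pad(data))
	state := fixedIV
	for _, chunk := range padded[:len(padded)-1] { // chaining value before the last block
		in := xor16(chunk, state)
		block.Encrypt(state[:], in[:])
	}
	checksum := cbcLastBlockChecksum(data)
	var dec [16]byte
	block.Decrypt(dec[:], checksum[:])
	return xor16(dec, state) == padded[len(padded)-1]
}

func hexOf(b [16]byte) string { return hex.EncodeToString(b[:]) }

func main() {
	file := []byte("constructed sample firmware image: 0123456789abcdef0123456789abcdef!")
	corrupt := append([]byte{}, file...)
	corrupt[20] ^= 0x01 // flip one bit to simulate corruption
	c1, c2 := cbcLastBlockChecksum(file), cbcLastBlockChecksum(corrupt)
	d1, d2 := daviesMeyerHash(file), daviesMeyerHash(corrupt)
	fmt.Println("CBC last block  :", hexOf(c1), "corrupted:", hexOf(c2), "detected:", c1 != c2)
	fmt.Println("Davies-Meyer    :", hexOf(d1), "corrupted:", hexOf(d2), "detected:", d1 != d2)
	fmt.Println("CBC step invertible with the fixed key:", cbcLastStepInvertible(file))
}
```

Both variants detect the flipped bit, which is all the question asks for. The difference is what they promise beyond that: the Davies-Meyer chain is a real (if only 128-bit, so 64-bit collision-resistant) hash, while the CBC checksum is only a detector of accidental damage, as the answer above says. The Merkle-Damgard padding is what keeps a file and the same file with trailing zeros from producing the same value in either construction.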