(Halfway through Walkthrough)
Line 1: Line 1:
Hey Today we are talking about code anoymization. Let's Define an equation: <math>Y=x^2</math>
== Introduction ==
In today’s world, the average person has 70-80 different passwords across multiple accounts. While users wouldn’t care if their Webkinz password got leaked, bank account details being stolen is much more detrimental to users. In order to keep them safe, banks are required by the FTC to have proper security to keep users passwords safe and a common method is password hashing. First of all what is hashing? Hashing is a method of making a string of text into a fixed size. Early hashing algorithms weren’t used for the use of encryption but data compression.The first person to use hashing was HP Luhn. HP Luhn, in an internal memo of IBM written in 1953, talked about putting information into buckets to speed up a searches. For example, a phone number like 508 905 9318 would be broken down into 5 numbers (50,89,05,93,18) and a new set of numbers was generated by adding the digits together (5,17,5,12,9), or bucket 5175129. Now if we needed to retrieve this phone number and the relevant information that is grouped with the phone number, we just need to calculate the hash value. Although this hash bucket may have multiple values, it's easier to search through a smaller bucket versus the entire database. Over the years, computer scientists have improved his algorithms and is now used in a variety of contexts such as cryptography, graphics, and as we talk about in this article, password hashing. Again, password hashing takes the plaintext password, and turns it into a series of unintelligible characters called ciphertext. This way if a hacker gets into the system, the hacker needs to decrypt the ciphertext.

Revision as of 11:39, 29 November 2022


In today’s world, the average person has 70-80 different passwords across multiple accounts. While users wouldn’t care if their Webkinz password got leaked, bank account details being stolen is much more detrimental to users. In order to keep them safe, banks are required by the FTC to have proper security to keep users passwords safe and a common method is password hashing. First of all what is hashing? Hashing is a method of making a string of text into a fixed size. Early hashing algorithms weren’t used for the use of encryption but data compression.The first person to use hashing was HP Luhn. HP Luhn, in an internal memo of IBM written in 1953, talked about putting information into buckets to speed up a searches. For example, a phone number like 508 905 9318 would be broken down into 5 numbers (50,89,05,93,18) and a new set of numbers was generated by adding the digits together (5,17,5,12,9), or bucket 5175129. Now if we needed to retrieve this phone number and the relevant information that is grouped with the phone number, we just need to calculate the hash value. Although this hash bucket may have multiple values, it's easier to search through a smaller bucket versus the entire database. Over the years, computer scientists have improved his algorithms and is now used in a variety of contexts such as cryptography, graphics, and as we talk about in this article, password hashing. Again, password hashing takes the plaintext password, and turns it into a series of unintelligible characters called ciphertext. This way if a hacker gets into the system, the hacker needs to decrypt the ciphertext.

SHA-1 Walkthrough

Step 1:

Initialize 5 Random strings

H1 = 0x67452301
H2 = 0xEFCDAB89
H3 = 0x98BADCFE
H4 = 0x10325476
H5 = 0xC3D2E1F0

Step 2:

Take the word you want to hash (in binary), and append a 1 to the end of it. Then append as many zeros as it takes to make it divisible by 512, with the length of the message in a 64 bit integer appended at the end of the string.


The word "Hello" in binary is:

                     01001000 01100101 01101100 01101100 01101111
                       (H)      (e)      (l)      (l)      (o)

Add 1 to the end:

= 01001000011001010110110001101100011011111

Since "Hello" is less than 448 we add 0’s until the string is 448 bits long:

= 01001000011001010110110001101100011011111000…0 (len = 448 bits)

Lastly take the length of the string before processing (40 bits in this case) append that as a 64 bit integer

= ...0000101000 (length of added bits = 64)

So total length is 512 in this example


Step 3A

Break message into 512-bit chunks

Taking the example from above, since it is 512 bits, we will only have one chunk

Step 3B

Break each chunk into 16, 32-bit words


The words would be

    W0 = 01001000011001010110110001101100
W1 = 01101111100000000000000000000000
W2-W14 = 00000000000000000000000000000000
W15 = 00000000000000000000000000101000

Step 4

Extend the first chunk to 80 32-bit words using the function

for i from 16 to 79
     w[i] = (w[i-3] xor w[i-8] xor w[i-14] xor w[i-16]) leftrotate 1


 Using the example we have been using, the first iteration would go like this:
   w[16] = (w[16-3] xor w[16-8] xor w[16-14] xor w[16-16]) leftrotate 1
   w[16] = (w[13] xor w[8] xor w[2] xor w[0]) leftrotate 1
 The xor function will compare the bits of the two strings in in each index
and give an output based on the input of the the strings
      A        B       A xor B
      0        0    ->    0
      0        1    ->    1 
      1        0    ->    1
      1        1    ->    0
   w[13] = 00000000000000000000000000000000
   w[8]  = 00000000000000000000000000000000
   w[2]  = 00000000000000000000000000000000
   w[0]  = 01001000011001010110110001101100

         = 01001000011001010110110001101100
The leftrotate x function shifts each bit x times to the left. Any bits 
that are shifted past the beginning of the string are cycled back to the end of the string.
Taking the string we got, we leftrotate the string one bit
= 10010000110010101101100011011000

So, after the first iteration W16 is added to the chunk as:

W16 = 10010000110010101101100011011000
After all of the iterations, we should have a chunk of 2560 bits

Step 5A

 Initialize The "Hash Values" for the chunk
 A = H1
 B = H2
 C = H3
 D = H4
 E = H5

Step 6

Alumni Liaison

Recent Math PhD now doing a post-doctorate at UC Riverside.

Kuei-Nuan Lin