Filter
Top Products
CCA Release 2.54
The CCA products support the following hash functions:
Secure Hash Algorithm-1 (SHA-1) The SHA-1 is defined in FIPS 180-1 and
produces a 20-byte, 160-bit hash value. The algorithm performs best on
big-endian, general purpose computers. This algorithm is usually preferred over
MD5 if the application designers have a choice of algorithms. SHA-1 is also
specified for use with the DSS digital signature standard.
RIPEMD-160 RIPEMD-160 is a 160-bit cryptographic hash function, designed by
Hans Dobbertin, Antoon Bosselaers, and Bart Preneel. It is intended to be used
as a secure replacement for the 128-bit hash functions MD4, MD5, and RIPEMD.
RIPEMD was developed in the framework of the EU project RIPE (RACE
Integrity Primitives Evaluation, 1988-1992).
Message Digest-5 (MD5) MD5 is specified in the Internet Engineering Task Force
RFC 1321 and produces (as with MDC) a 16-byte, 128-bit hash value. This
algorithm performs best on little-endian (for example, Intel), general purpose
computers.
Modification Detection Code (MDC) The MDC is based on the DES algorithm and
produces a 16-byte, 128-bit hash value. This hashing algorithm is considered
quite strong. However, it performs rapidly only when supported by
DES-hardware units specifically designed for MDC. See “Modification Detection
Code (MDC) Calculation Methods” on page D-3 for a description of the MDC
algorithm.
There are many different approaches to data integrity verification. In some cases,
you can simply make known the hash value for a data string. Anyone wishing to
verify the integrity of the data would recompute the hash value and compare the
result to the known-to-be-correct hash value.
In other cases, you might want someone to prove to you that they possess a
specific data string. In this case, you could randomly generate a challenge string,
append the challenge string to the string in question, and hash the result. You
would then provide the other party with the challenge string, ask them to perform
the same hashing process, and return the hash value to you. This method forces
the other party to re-hash the data. When the two hash values are the same you
can be confidant that the strings are the same, and the other party actually
possesses the data string, and not merely a hash value.
The hashing services described in this chapter allow you to divide a string of data
into parts, and compute the hash value for the entire string in a series of calls to
the appropriate verb. This can be useful if it is inconvenient or impossible to bring
the entire string into memory at one time.
Digital Signatures
You can protect data from undetected modification by including a
proof-of-data-integrity value. This proof of data integrity value is called a digital
signature, and relies on hashing (see “Hashing” above) and public-key
cryptography.
When you wish to sign some data you can produce a digital signature by hashing
the data and encrypting the results of the hash (the hash value) using your private
key. The encrypted hash value is called a digital signature.
4-2 IBM 4758 CCA Basic Services, Release 2.54, February 2005