Thesis Abstract

Abstract
This research project focuses on comparing the SHA-1, SHA-256, and MD5 cryptographic hash functions. Cryptographic hash functions play a crucial role in ensuring data integrity and security in various applications such as digital signatures, password security, and digital certificates. The objective of this study is to analyze and compare the strengths and weaknesses of these three popular hashing algorithms in terms of security, speed, and collision resistance. The SHA-1 algorithm, though widely used in the past, has been deprecated due to vulnerabilities that make it susceptible to collision attacks. On the other hand, the SHA-256 algorithm, which is part of the SHA-2 family, offers a higher level of security with a larger bit length compared to SHA-1. It is designed to provide enhanced protection against cryptographic attacks and is currently considered to be secure for various cryptographic applications. MD5, another widely used hash function, has also been found to have vulnerabilities in terms of collision resistance. It is considered to be less secure compared to the SHA-1 and SHA-256 algorithms due to its smaller digest size and the discovery of collision attacks. Despite its speed and efficiency in certain applications, MD5 is not recommended for cryptographic purposes where data security is paramount. In this research project, a comparative analysis of SHA-1, SHA-256, and MD5 algorithms will be conducted based on various criteria such as security level, collision resistance, speed of computation, and prevalence in current applications. The study will involve implementing these algorithms in different scenarios to evaluate their performance and effectiveness in real-world applications. The findings of this research will provide valuable insights into the strengths and limitations of each hashing algorithm, helping users make informed decisions when choosing an appropriate algorithm based on their specific security requirements. By comparing the security features and performance metrics of SHA-1, SHA-256, and MD5, this study aims to contribute to the understanding of cryptographic hash functions and their implications for data security in modern computing environments.

Thesis Overview

 INTRODUCTION

1.1 BACKGROUND OF THE STUDY

Cryptography is an effective way of protecting sensitive information that is stored on media or transmitted through network communication paths.

Although the ultimate goal of cryptography, and the mechanisms that make it up, is to hide information from unauthorized individuals because most protocols can be broken into and the information can be revealed if the attacker has enough time, desire, and resources. Consequently, a more realistic goal of cryptography is to make obtaining the information too work-intensive to be worthwhile to the attacker and this is done through encryption.

The first encryption methods dated back to four thousand years ago and were considered more of an ancient art. As encryption evolved, it was mainly used to pass messages through hostile environments of war, crisis, and for negotiation processes between conflicting groups of people. Throughout history, individuals and governments have worked to protect communication by encrypting it. As time went on, the encryption algorithms and the devices that used them increased in complexity, new methods and algorithms were continually introduced, and it became an integrated part of the computing world.  Smith,A(2004)

While cryptography is the science of securing of data, cryptanalysis is the science of analyzing and breaking secure communication. Cryptology embraces both cryptography and cryptanalysis. In order words, it is the coding of plaintext and at the same time decoding it. (Smith 2004)

 Cryptanalysis involves the process of an interesting combination of analytical reasoning, application of mathematical tools, pattern finding, patience, determination and luck. In order words, cryptanalyst are also called attackers.

Data that can be read and understood without any special method is called plaintext or clear text. The method of disguising plaintext in such a way as to hide its substance is encryption. The encrypted plaintext (which is unreadable) is known as the cipher text. The process of converting the cipher text back to the plaintext is decryption.

Cryptography can be strong or weak. The cryptographic strength can be measured in the time and resources it will take to recover the plaintext.  (Smith.2004)    

Cryptography currently plays a major role in many information technology applications. For example, when engaging in electronic commerce, customers provide their credit cards numbers when purchasing products. If the connection is not secure, an attacker can easily obtain this sensitive data. In order to implement a comprehensive security plan, the following must be provided:

a)     Confidentiality: Information cannot be observed by an unauthorized party. This is accomplished through public key and symmetric key encryption.

b)   Data security: Transmitted data within a given communication session cannot be altered in transit due to error or an unauthorized party. This is accomplished through the use of hash function and message authentication codes(MACs)

c)     Message authentication: Parties within the given communication session must provide certified proof validating the authenticity of a message. This is accomplished through the use of digital signatures. The only communicating party that can generate a digital signature that will successfully verify as belonging to the originator of the message is the originator of the message. This process validates the authenticity of the message (it shows if the acclaimed originator of the message is really the actual originator of the said message)

d)   Non repudiation: in this case neither the sender nor the receiver of the message may deny transmission. This is accomplished through Digital Signatures and third party notary services.    

e)     Entity authentication: Establishing the identity of an entity such as person or device.

f)     Access control: controlling access to data and resources is determined base on the privilege assigned to the data and resources as well as the privilege of the entity attempting to access the data and resources. Schneier Bruce (1996)