In this post, I will choose an encryption algorithm cipher that avoids collision, and I will use the cipher to generate a checksum verification for a given string in Java.
What is a Checksum?
The hash produced by a cryptographic function, such as SHA-256, is a checksum.
I will use the Java MessageDigest class to generate the checksum verification and instantiate it with one of the documented options in the Java Security Standard Algorithm Names for MessageDigest
.
Recommended algorithm name
SHA-256 is the algorithm name that I have chosen to use from the list of algorithm names that are used to generate an instance of MessageDigest.
What is a Hash Function?
A hash function satisfies three properties:
- Collision resistance. It is computationally infeasible to find two distinct bit strings s ≠ s’ such that H ( s ) = H ( s ‘ ).
- Pre-image resistance. Given a hash value t in the range of H, it is computationally infeasible to find a string s for which H ( s ) = t.
- nd Pre-image resistance. Given a string s and hash value t such that H ( s ) = t, it is computationally infeasible to find a second string s ‘ such that H ( s’ ) = t as well.
(Walker, J., Kounavis, M., Gueron, S., & Graunke, G. (2009)
Check out Cryptographic hash functions for a simplified explanation if you are not familiar with discrete math symbols.
SHA-256 is a Hash Function
Secure Hash Algorithm (SHA-256) is a cryptographic hash (digest) function used for verifying the integrity of a piece of text.
Hash functions are used to produce a unique (collision-free) hash value from a piece of text. The hash is not decryptable (The hash cannot be used to regenerate the original text)
Example
The hash value for the “ABC” text using SHA-256 is:
ba7816bf8f01cfea414140de5daeb0061a96177a9cb410ff61f0015ad
A secure hash function will make it infeasible for anyone to figure out that the above hash was produced using the “ABC” string.
Hash Function Usage
Hash functions are used in handshake authentication, password verification, digital signatures, and other security applications. What guarantees do we have that a downloaded file from the internet was not corrupted or comprised? Hash functions solve that problem.
Scenario
A website allows the download of files and publicly publishes the hash values and the algorithm name used to produce the hash for the downloads. You can generate a hash on your computer for the downloaded file to verify that your hash matches the publisher’s hash value. The integrity of a file is compromised when the new hash does not match the old hash. This indicates that the file’s contents have changed, even by a single character.
How Secure is SHA-256
SHA-256 is secure enough to be trusted by the United States Federal Government. On December 1, 015, the Department of Defense (DoD) published memorandum with the subject “Revised Schedule to Update DoD Public Key Infrastructure Certificates to Secure Hash Algorithm-256.”
Is SHA-256 Collision Resistant?
In cryptography, a collision is when two different texts produce the same hash.
According privacycanada.net, there is a ^256 chance for a collision in SHA-56. ^256 is slightly less than the number of atoms in the known universe, which is about 10^8 atoms, according to Harry Baker (2021). To date, SHA-256 has not produced any known collisions.
Comparison
SHA-256 chance of collission = ^256 = 11579089716195457098500868790785699846656405640945758400791196996
Number of atoms in the known universe = 10^8 = 10000000000000000000000000000000000000000000000000000000000000000000000000000000000
This comparison is just for visual and does not say anything about the security of SHA-256 because computers are becoming faster at processing data.
Java Code to generate a Checksum
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
@SpringBootApplication
public class ServerApplication {
public static void main(String[] args) {
SpringApplication.run(ServerApplication.class, args);
}
}
@RestController
class ServerController{
@RequestMapping("/hash")
public String myHash(){
MessageDigest messageDigest = null; // declare MessageDigest object
String data = "Test string"; // data string
String checkSum = null; // Checksum value
try {
messageDigest = MessageDigest.getInstance("SHA-256"); // initialize object using SHA-256
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
messageDigest.update(data.getBytes()); // pass data to messageDigest
byte[] digest = messageDigest.digest(); // compute messageDigest
checkSum = this.bytesToHex(digest); // create hash value
// return formatted string
return "<p>Data: " + data + "<br>Name of the algorithm cipher used: SHA-256" + "<br>Checksum hash value: " + checkSum + "</p>";
}
// Converts a byte array to a hexadecimal string
public String bytesToHex(byte[] bytes) {
StringBuilder springBuilder = new StringBuilder();
// loop through byte array
for (byte hashByte : bytes) {
int intVal = 0xff & hashByte;
if (intVal < 0x10) {
springBuilder.append('0'); // append elements
}
springBuilder.append(Integer.toHexString(intVal));
}
return springBuilder.toString(); // return hexadecimal string
}
}
References
Baker, H. (2021). How many atoms are in the observable universe?. https://www.livescience.com/how-many-atoms-in-universe.html
Department of Defense. (2015). Memorandum for secretaries of the military departments. https://www.acf.hhs.gov/sites/default/files/documents/ocse/dcl_08_07a.pdf
Privacy Canada. (n.d.). Why is ^256 secure?. https://privacycanada.net/cryptanalysis/why-is-2-256-secure/
Walker, J., Kounavis, M., Gueron, S., & Graunke, G. (2009). Recent contributions to cryptographic hash functions. Intel Technology Journal, 1(), 80–95.