Q

# Symmetric key encryption algorithms and hash function cryptography united

## Can a secure symmetric key encryption algorithm be used in hash function cryptography? Learn more about these data encryption techniques.

Can a secure symmetric key encryption scheme be used to create a secure cryptographic hash function? The one-way...

nature of the exchange is affected, I assume, because the cipher of symmetric key encryption can be decrypted. What are the advantages and disadvantages of this approach?

SearchSecurity.com expert Michael Cobb is standing by to answer your questions about enterprise application security and platform security. Submit your question via email: editor@searchsecurity.com

Symmetric key encryption schemes can be used to create cryptographic hash functions. To discuss possible advantages or disadvantages of doing this, lets first look at how symmetric key encryption algorithms and hash function cryptography are used and the properties they should have.

A hash function takes a block of data, usually called the message, and returns a fixed-size string, which can be called the hash, hash value or message digest. The main reason for creating a hash value of a message is that any accidental or intentional change to it will result in a completely different hash value. By comparing the hash values of a message before and after an event, such as downloading it, the integrity of the data can be validated.

The four main properties of a good cryptographic hash function are:

1.     It is easy to compute the hash value for any given message.

2.     It is infeasible to find a message that has a given hash.

3.     It is infeasible to modify a message without the hash being changed.

4.     It is infeasible to find two different messages with the same hash.

Let's now look at how symmetric-key encryption works and see if it has the four properties listed above. Symmetric key algorithms use the same key for both decryption and encryption and can be divided into stream ciphers and block ciphers. Stream ciphers encrypt the bits of the message one at a time, while block ciphers take a number of bits and encrypt them as a single unit, the Advanced Encryption Standard (AES) algorithm uses 128-bit blocks for example.

A block cipher such as AES can be turned into a hash function; Davies–Meyer and Matyas–Meyer–Oseas are some of the methods used. Algorithms such as AES were designed to encrypt data, a different design goal to a hash function that uses large keys and blocks, can efficiently change keys every block, and have been designed and vetted for resistance to related-key attacks. AES has key and block sizes that make it nontrivial to generate long hash values. AES encryption becomes less efficient when the key changes each block and related-key attacks make it potentially less secure for use in a hash function than for encryption.

However, taking a hit on efficiency and security may be acceptable when an embedded system needs to implement both encryption and hashing while using the minimum amount of code. As always with most security-related algorithms, it is often a tradeoff between speed and security.

This was last published in September 2011

## Content

Find more PRO+ content and other member only offers, here.

#### Have a question for an expert?

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

#### Start the conversation

Send me notifications when other members comment.

## SearchCloudSecurity

• ### How to prepare for a cloud DDoS attack on an enterprise

Suffering a cloud DDoS attack is now more likely than ever. Expert Frank Siemons discusses what enterprises need to know about ...

• ### Ownership of cloud risks gets lost in many cloud computing scenarios

CISOs ensure that cloud services comply with IT security and risk management policies. But who has executive oversight of ...

• ### Cloud incident response: What enterprises need to include in a plan

A cloud incident response plan can be difficult to assemble. Expert Rob Shapland discusses the basics of what to include in a ...

## SearchNetworking

• ### Arista, Brocade intro better spine, leaf switches for the data center

Arista and Brocade have introduced spine and leaf switches. Arista has focused on performance; Brocade has added network ...

• ### Amazon Snowball Edge a possible threat to server, network vendors

Amazon Snowball Edge, a server-like IoT device, could eventually pose a threat to server and networking vendors, which are ...

• ### Using BLE beacons and Wi-Fi technology for device tracking

BLE beacons and Wi-Fi technology promise enormous potential for accuracy in location and tracking of wireless devices. But is one...

## SearchCIO

• ### Record-busting online holiday sales and the rise of the omnishopper

Record online holiday sales foretell the arrival of conversational commerce, digital humanism and the omnishopper. Also: AWS goes...

• ### Will AR and VR tech revolutionize digital business management?

In this issue of CIO Decisions, we explore how virtual reality and augmented reality technologies could quickly become integral ...

• ### AR, VR tech poised to revolutionize digital business management

We've all seen footage of astronauts being trained for space travel in virtual environments, and many of us were sucked into the ...

## SearchConsumerization

• ### Android, Windows tablets from HP take aim at business users

HP released a new line of tablets targeting business users. The HP Pro Slate 8 and Pro Slate 12 run Android and cost \$449 and ...

• ### Microsoft to lay off 18,000, Nokia X moves to Windows Phone

Microsoft will lay off 18,000 people over the next year while the Nokia X line of Android smartphones, which was unveiled earlier...

• ### Microsoft Surface Pro 3 vs. Microsoft Surface Pro 2

Surface Pro 2 and Surface Pro 3 are different enough that Microsoft is keeping both on the market as competing products. Which ...

## SearchEnterpriseDesktop

• ### Experts predict the future of Windows 10 and the Creators Update

Three experts share their thoughts on what's next for enterprise desktop admins in 2017, including what to expect from Windows 10...

If admins notice any issues with tasks running on Windows, they can turn to NirSoft's TaskSchedulerView to pinpoint the culprit ...

• ### Four ways to squeeze more juice into the Windows 7 lifecycle

Windows 7 is not dead. There are many reasons IT keeps it around. To make the OS perform well, admins must modernize it and make ...

## SearchCloudComputing

• ### Multicloud computing bliss not yet a reality for all IT shops

Experts predict multicloud computing will be a top enterprise trend in 2017, but some cloud users question whether the touted ...

• ### Perform a PaaS pricing comparison for public cloud

When choosing a platform, enterprises need to focus on features and prices for Azure, Google and AWS. Take a look under the hood ...

• ### Cloud orchestration tools become a must-have for hybrid IT

Some IT shops try to force-fit legacy orchestration tools to cloud -- but that can backfire. Instead, evaluate new orchestration ...

## ComputerWeekly

• ### Google to hit 100% renewable energy target for datacentres in 2017

Google claims to be on course to hit its 100% renewable energy pledge in 2017 by ramping up its acquisition of green power sources

• ### Dailymotion breach prompts calls for password alternatives

The latest breach of millions of user details prompts fresh calls for better security of user data and an alternative to passwords

• ### Equinix to acquire 29 datacentres from Verizon for \$3.6bn

Colocation giant Equinix hits the acquisition trail once more, as it continues on its quest to expand its global datacentre ...

Close