Hash Functions and Message Digests

Many signature methods couple authentication and secrecy (encryption/decryption)
together. The key used for authentication is also used for encryption. Secrecy, however,
comes at a cost: Cryptography involves delay, processor overhead, and memory and
delivery bandwidth overhead in the handset. It is therefore often useful to have an
authentication process that does not require the whole message to be encrypted. This
is sometimes described as a hash function or message digest.
In Chapter 7, we discussed content ownership and the codification of ownership
rights (MPEG-4/MPEG-21). Ownership rights, of an image or video clip, for example,
can be protected by computing a message digest consisting of the file countersigned
(that is, multiplied by) the user’s secret key and possibly also a timestamp—or, across
a radio air interface, a system frame number.
The digest, or hash function, has to have three properties:
 Given P (the plaintext), it is easy to compute MD(P).
 Given MD(P), it is effectively impossible to find P.
 No one can generate two messages that have the same message digest. To meet
this, the hash should be at least 128 bits long, preferably more.
A number of message digests have been proposed. The most widely used are MD5
and Secure Hash Algorithm (SHA). MD5 is the fifth in a series of hash functions
designed by Ron Rivest. It operates by jumbling up bits in a way that every output bit
is affected by every input bit. SHA is similar in process but uses 2 bits more in the MD.
It is consequently 232 more secure than MD5, but it is slower, since the hash code is not
a power of 2.