Differences between Fingerprint, MessageDigest and Hash-Value of a document?

Differences between Fingerprint, MessageDigest and Hash-Value of a document?

am 06.07.2005 14:03:22 von mmecky

When I read some tutorials and articles about the topic it seems to me that these three
expressions are often mixed resp. used synonymously.

Or are there any differences in the meaning ?

Marcus

Re: Differences between Fingerprint, MessageDigest and Hash-Value of a document?

am 06.07.2005 14:54:02 von Tonton

"Marcus Mackler" wrote
> When I read some tutorials and articles about the topic it seems to me
that these three
> expressions are often mixed resp. used synonymously.
>
> Or are there any differences in the meaning ?
>
> Marcus

If we are talking specifically about _cryptographic_ hash-value, I think
"fingerprint of a document", "messagedigest of a document" and
"cryptographic hash-value of a document" all mean the same. Normal,
non-cryptographic hash-values are also often used but their purpose is
different. Non-cryptographic hash-values do not serve as a "fingerprint".

Re: Differences between Fingerprint, MessageDigest and Hash-Value of a document?

am 06.07.2005 16:07:11 von mikeyd

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Marcus Mackler wrote in
<42cbc88a$0$10813$9b4e6d93@newsread4.arcor-online.net>:

> When I read some tutorials and articles about the topic it seems to me
> that these three expressions are often mixed resp. used synonymously.
>
> Or are there any differences in the meaning ?
>
Fingerprint is used for a number of things, it doesn't really have a
specific meaning. A hash and a message digest mean pretty much the same
thing.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1-ecc0.1.6 (GNU/Linux)

iD8DBQFCy+XCseVxKm0DPWERA4ijAJ4pLw/U9kp+rtvVn6bqdz+NWY3+qgCc DNOy
fdEpDh3oz91tMngcQk8k/oI=
=kO94
-----END PGP SIGNATURE-----

Re: Differences between Fingerprint, MessageDigest and Hash-Value of a document?

am 06.07.2005 16:57:13 von cipherpunk

"Digest" and "hash" are synonymous. If you read the literature about
cryptographic digests, a lot of the papers talk about cryptographic
hash functions and vice-versa.

"Fingerprint" is a term PGP invented because they thought people would
be afraid of the term "hash" or "digest". PGP has a history of
renaming cryptographic primitives for hazy and ill-understood reasons;
e.g., there is no Diffie-Hellman asymmetric algorithm. PGP keys use
the El Gamal algorithm for encryption, but for unknown reasons they
call it Diffie-Hellman.

Re: Differences between Fingerprint, MessageDigest and Hash-Valueof a document?

am 06.07.2005 18:21:53 von DFS

Marcus Mackler wrote:
> When I read some tutorials and articles about the topic it seems to me that these three
> expressions are often mixed resp. used synonymously.
>
> Or are there any differences in the meaning ?

AFAIK, they're synonyms. IMHO 'Fingerprint' is more toward the
marketing department end of the spectrum, 'Message digest' is formal,
and 'hash' is a word that everyone can be comfy with.

--Mike Amling

Re: Differences between Fingerprint, MessageDigest and Hash-Value of a document?

am 06.07.2005 21:23:08 von unruh

"Tonton" writes:


>"Marcus Mackler" wrote
>> When I read some tutorials and articles about the topic it seems to me
>that these three
>> expressions are often mixed resp. used synonymously.
>>
>> Or are there any differences in the meaning ?
>>
>> Marcus

>If we are talking specifically about _cryptographic_ hash-value, I think
>"fingerprint of a document", "messagedigest of a document" and
>"cryptographic hash-value of a document" all mean the same. Normal,
>non-cryptographic hash-values are also often used but their purpose is
>different. Non-cryptographic hash-values do not serve as a "fingerprint".

Fingeprints often refer to a truncated short hash-- ie just a few of the
first digits of the hash converted to readable text. Ie, a quick check.
messagedigest suggests some very specific protocol. cyptographic hash refers
to any hash with a crypto strong hash function, and not necessarily part of
a protocol. Ie, a message digest includes a crypto hash, but a lot more
besides.

Re: Differences between Fingerprint, MessageDigest and Hash-Value of a document?

am 07.07.2005 01:43:41 von dhodgin1661

On Wed, 06 Jul 2005 08:03:22 -0400, Marcus Mackler wrote:

> When I read some tutorials and articles about the topic it seems to me that these three
> expressions are often mixed resp. used synonymously.
> Or are there any differences in the meaning ?

I'm no expert, but here's my 2¢ worth...

Fingerprint - anything shorter than a copy of the document, that can be used to verify
that the document has not been altered. With pgp, the standard use of a fingerprint,
is to verify that the key is the correct one. For example, I could read the fingerprint
of my key to you, over the phone, so that you could verify you have a real copy of my
public key. Being much shorter, it would be much easier to read the fingerprint, rather
then all of the digits in the key itself.

Hash-value - The result of using a hash algorithm to process a value, or set of values.

A hash algorithm is any mathamatical formula used to translate one value, or set of
values to another. Most hash values are used to produce a smaller number of possible
values. For example, lets say you have a database, where you want to be able to
directly access records based on a 20 character name. Even if you limit the accecpted
characters to uppercase letters and spaces, that would be 2 to the power of 27 possible
values, or 134,217,728 records. You know you won't have every possible name in the
database. In order to save space, you need some method, to translate the names that
are used, into a record number. That's where the hash algorithm comes in. With pgp,
the two choices of hash algorithms used are MD5 (Message Digest 5), and SHA1 (Secure
Hash Algorithm 1). Both formulas are used to convert unknown length documents into
128-bit numbers. Both are one way hashes, meaning it's impossible to determine the
correct document contents, from just the hash value.

For pgp, one major concern is, given a document and it's hash value, how hard is it
to produce another document, that will produce the same hash value, and still appear
to be a valid document. I'll leave it to the experts to explain how hard it is.

For details on MD5 see http://www.faqs.org/rfcs/rfc1321.html
For SHA-1 see http://www.itl.nist.gov/fipspubs/fip180-1.htm

Regards, Dave Hodgins

--
Change nomail.afraid.org to rogers.com to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)

Re: Differences between Fingerprint, MessageDigest and Hash-Value of a document?

am 07.07.2005 01:45:16 von dhodgin1661

On Wed, 06 Jul 2005 08:03:22 -0400, Marcus Mackler wrote:

> When I read some tutorials and articles about the topic it seems to me that these three
> expressions are often mixed resp. used synonymously.
> Or are there any differences in the meaning ?

I'm no expert, but here's my 2¢ worth...

Fingerprint - anything shorter than a copy of the document, that can be used to verify
that the document has not been altered. With pgp, the standard use of a fingerprint,
is to verify that the key is the correct one. For example, I could read the fingerprint
of my key to you, over the phone, so that you could verify you have a real copy of my
public key. Being much shorter, it would be much easier to read the fingerprint, rather
then all of the digits in the key itself.

Hash-value - The result of using a hash algorithm to process a value, or set of values.

A hash algorithm is any mathamatical formula used to translate one value, or set of
values to another. Most hash values are used to produce a smaller number of possible
values. For example, lets say you have a database, where you want to be able to
directly access records based on a 20 character name. Even if you limit the accecpted
characters to uppercase letters and spaces, that would be 2 to the power of 27 possible
values, or 134,217,728 records. You know you won't have every possible name in the
database. In order to save space, you need some method, to translate the names that
are used, into a record number. That's where the hash algorithm comes in. With pgp,
the two choices of hash algorithms used are MD5 (Message Digest 5), and SHA1 (Secure
Hash Algorithm 1). Both formulas are used to convert unknown length documents into
128-bit numbers. Both are one way hashes, meaning it's impossible to determine the
correct document contents, from just the hash value.

For pgp, one major concern is, given a document and it's hash value, how hard is it
to produce another document, that will produce the same hash value, and still appear
to be a valid document. I'll leave it to the experts to explain how hard it is.

For details on MD5 see http://www.faqs.org/rfcs/rfc1321.html
For SHA-1 see http://www.itl.nist.gov/fipspubs/fip180-1.htm

Regards, Dave Hodgins

--
Change nomail.afraid.org to rogers.com to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)

Re: Differences between Fingerprint, MessageDigest and Hash-Valueof a document?

am 07.07.2005 23:43:04 von Roland Le Franc

A message digest is a value that is a resume of the document, used for
the authentification / signature. It should change (even better, change
much) if you just change a bit in the original document.
It can be done with a hash function, so it can be a hash value.


A fingerprint is a value that is a resume of the document, used to
recognize an original document. It should not change if you change a bit
the original document. For instance, if you compress into mp3 and back
to wav an original wav music file, its finger print should be kept the same

Marcus Mackler a écrit :
> When I read some tutorials and articles about the topic it seems to me that these three
> expressions are often mixed resp. used synonymously.
>
> Or are there any differences in the meaning ?
>
> Marcus
>

Re: Differences between Fingerprint, MessageDigest and Hash-Valueof a document?

am 09.07.2005 16:32:34 von nospam

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Marcus Mackler schreef:
> When I read some tutorials and articles about the topic it seems to me that these three
> expressions are often mixed resp. used synonymously.
>
> Or are there any differences in the meaning ?

Fingerprint: The long (and secure) version of your KeyID
E.g.: pub 800R/225CA009 1998-10-30
Key fingerprint = A1 95 F6 1D 36 E1 6F AF BC 99 48 8D 91 ED 23 FB

MD: The Algo you use for hashing
E.g.: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512

Hash-Value: A number produced by the MD
E.g.: gpg.exe: MD5 = 4D E2 02 32 0F 85 7E F9 31 97 DE A3 AF 49 AF 6E

HTH,
Thomas
- --
"You can't be safer, can't be more secure than with a breast in each
palm, that's the way I was born and that's the way I want to die" -
Sugarcubes, Mama, 1988
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iQB5AwUBQs/gAgEP2l8iXKAJAQKVNgMeNGk7+h4RyI9aNFUpVL971YAmNcWn tkig
YnYMjzURjw8vVwP4eFhPPB1ly625j4aOYiaht3sVYVcJQ6KiWZMo/We1xDpO nune
8OMoE2EAYSnyqyg2fWNTfGn/okVlXPwYOTGroQ==
=df/N
-----END PGP SIGNATURE-----

Re: Differences between Fingerprint, MessageDigest and Hash-Value of a document?

am 10.07.2005 07:38:28 von JercoS

Both formulas are used to convert unknown length documents into
128-bit numbers. Both are one way hashes, meaning it's impossible to
determine the
correct document contents, from just the hash value.
kinda ya but in practice a hash can be reversed by trying every
possible combination until one that matches is found (eg brute force)
the most common example would be password breaking (eg "cracking")
other than that your explination was perfect!

Re: Differences between Fingerprint, MessageDigest and Hash-Value of a document?

am 11.07.2005 20:08:09 von dhodgin1661

On Sun, 10 Jul 2005 01:38:28 -0400, Jeremy S. wrote:

>> Both formulas are used to convert unknown length documents into
>> 128-bit numbers. Both are one way hashes, meaning it's impossible to
>> determine the
>> correct document contents, from just the hash value.

> kinda ya but in practice a hash can be reversed by trying every
> possible combination until one that matches is found (eg brute force)
> the most common example would be password breaking (eg "cracking")
> other than that your explination was perfect!

Thanks!!!

For short documents, like passwords, I agree. For longer documents,
I understood that, since there are collisions, even brute force
isn't effective, since you can't know which of the possible
source documents was actually used.

In future though, I'll try to remember to say "very difficult",
instead of impossible.

Regards, Dave Hodgins

--
Change nomail.afraid.org to rogers.com to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)