VIATHINKSOFT/WEBFAN D. Marschall
SPECIFICATION No. 5 ViaThinkSoft
First Draft: 2011 4 September 2024
=== Marschall Hash 1 (MHA1) ===
Abstract
This document describes the hash algorithm MHA1.
Identification of this Document
Revision: 2024-09-04
State: Deprecated
Filename: viathinksoft-std-0005-mha1.txt
URN: urn:x-viathinksoft:std:0005:2024-09-04
OID: 1.3.6.1.4.1.37476.3.2.1.1
{ iso(1) identified-organization(3) dod(6) internet(1)
private(4) enterprise(1) 37476 specifications(3)
algorithm(2) hash(1) mha1(1) }
WEID: weid:pen:SX0-3-2-1-1-1
IETF/RFC: (None)
Attachments
Reference implementation in PHP:
https://github.com/danielmarschall/php_utils/blob/master/
vts_crypt.inc.php
Copyright Notice
Copyright (c) 2011-2024 ViaThinkSoft and the persons identified as
the document authors. All rights reserved.
Licensed under the terms of the Apache 2.0 License.
Marschall [Page 1]
VTS/WF STD. 5 ViaThinkSoft MHA1 4 September 2024
Table of Contents
1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1 Terminology . . . . . . . . . . . . . . . . . . . . . . . . 3
2 Definition . . . . . . . . . . . . . . . . . . . . . . . . . . 3
3 Notation . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
3.1 Modular Crypt Format Notation . . . . . . . . . . . . . . . 3
3.2 Heterogenous Systems Notation . . . . . . . . . . . . . . . 4
4 Test Vectors . . . . . . . . . . . . . . . . . . . . . . . . . 5
5 Reference implementation . . . . . . . . . . . . . . . . . . . 6
6 Security Considerations . . . . . . . . . . . . . . . . . . . . 6
6.1 Runtime complexity . . . . . . . . . . . . . . . . . . . . 6
7 IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 6
8 References . . . . . . . . . . . . . . . . . . . . . . . . . . 6
6.1 Normative References . . . . . . . . . . . . . . . . . . . 6
6.2 Informative References . . . . . . . . . . . . . . . . . . 7
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . . 7
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 7
Marschall [Page 2]
VTS/WF STD. 5 ViaThinkSoft MHA1 4 September 2024
1 Introduction
MHA is a hash function which performs multiple hash iterations on a base hash function. It should be save even if the base hash function is broken. This function is pretty slow because of the iterations, but therefore secure against offline attacks or rainbowtables. Also, the slowlyness of this hash makes the creation of rainbow tables much harder.1.1 Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.2 Definition
MHA(x, iteratedSalt, iterations) = rec(iterations, x, iteratedSalt). rec[n, x, iteratedSalt] = iteratedSalt || rec[n-1, x, iteratedSalt] || iteratedSalt. rec[0, x, iteratedSalt] = x.3 Notation
3.1 Modular Crypt Format Notation
Format of the MCF: $<id>$<params>$<salt>$<hash> <id> is 1.3.6.1.4.1.37476.3.2.1.1 <params> is a=<algo>,i=<iterations> where <algo> is any valid hash algorithm (name scheme of PHP hash_algos() preferred), e.g. - sha3-512 - sha3-384 - sha3-256 - sha3-224 - sha512 - sha512/256 Marschall [Page 3]VTS/WF STD. 5 ViaThinkSoft MHA1 4 September 2024
- sha512/224
- sha384
- sha256
- sha224
- sha1
- md5
Not possible with MHA1 are these hashes (because they have a special
salt-handling and output their own crypt format):
- bcrypt [Standardized crypt identifier 2, 2a, 2x, 2y]
- argon2i [Crypt identifier argon2i, not standardized]
- argon2id [Crypt identifier argon2i, not standardized]
<iterations> are the iterations.
Like most Crypt-hashes, <salt> and <hash> are Radix64 coded without
padding and with alphabet
'./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'.
3.2 Heterogenous Systems Notation
The "heterogenous systems notation" (HSN) is DEPRECATED in favor of the modular crypt format notation! <mha1-oid>$<base-hash>$<iterations>$<salt-base64>$<hash-base64> - <mha1-oid> is the OID for a MHA1 algorithm in its dot-notation without leading dot, which is 1.3.6.1.4.1.37476.3.2.1.1 This OID has ASN.1 Notation: { iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) 37476 specification(3) algorithm(2) hash(1) mha1(1) } - <base-hash> should be an OID which represents the base hash ("H") algorithm used, in dot-notation. The following table shows the OIDs which have been assigned for exchange between heterogenous systems. If you want to use a different hash algorithm or a derivate of it, please define your own OID (you can use an UUID OID, get a free IANA PEN OID, or a free ViaThinkSoft OID), but please do not use this arc, since only ViaThinkSoft may maintain it. -------------------------------------------------------------- Base algorithm OID proposal -------------------------------------------------------------- Message Digest 4 (MD4) 1.3.6.1.4.1.37476.3.2.1.99.1 Message Digest 5 (MD5) 1.3.6.1.4.1.37476.3.2.1.99.2 Marschall [Page 4]VTS/WF STD. 5 ViaThinkSoft MHA1 4 September 2024
RIPEMD-160 1.3.6.1.4.1.37476.3.2.1.99.3
Secure Hash Algorithm 1.3.6.1.4.1.37476.3.2.1.99.4
Secure Hash Algorithm 1 1.3.6.1.4.1.37476.3.2.1.99.5
Secure Hash Algorithm 2/224 1.3.6.1.4.1.37476.3.2.1.99.6.224
Secure Hash Algorithm 2/256 1.3.6.1.4.1.37476.3.2.1.99.6.256
Secure Hash Algorithm 2/384 1.3.6.1.4.1.37476.3.2.1.99.6.384
Secure Hash Algorithm 2/512 1.3.6.1.4.1.37476.3.2.1.99.6.512
Secure Hash Algorithm 3/224 1.3.6.1.4.1.37476.3.2.1.99.7.224
Secure Hash Algorithm 3/256 1.3.6.1.4.1.37476.3.2.1.99.7.256
Secure Hash Algorithm 3/384 1.3.6.1.4.1.37476.3.2.1.99.7.384
Secure Hash Algorithm 3/512 1.3.6.1.4.1.37476.3.2.1.99.7.512
--------------------------------------------------------------
- <iterations> is the number of iterations, e.g. 1987.
- <salt-base64> is the iterated salt used for MHA1, encoded in
Base64.
- <hash-base64> is the resulting hash, encoded in Base64.
4 Test Vectors
MHA1 - Base algo 'sha1', Input '', Salt '', Iterations 1987 MCF: $1.3.6.1.4.1.37476.3.2.1.1$a=sha1,i=1987$$SMJt5BeI3z2Q577 2DcQUXiFBHmO HSN: 1.3.6.1.4.1.37476.3.2.1.1$1.3.6.1.4.1.37476.3.2.1.99.5$19 87$$UOLv7DgK5/4S7994FeSWZkHDJoQ= Hex: 50e2efec380ae7fe12efdf7815e4966641c32684 MHA1 - Base algo 'sha1', Input 'The quick brown fox jumps over the lazy dog', Salt '', Iterations 1987 MCF: $1.3.6.1.4.1.37476.3.2.1.1$a=sha1,i=1987$$9obb16qgeksp9r4 iSz.o77EUQlC HSN: 1.3.6.1.4.1.37476.3.2.1.1$1.3.6.1.4.1.37476.3.2.1.99.5$19 87$$Bqdd38sigmurBt6kU/0q99GWSnE= Hex: 06a75ddfcb22826bab06dea453fd2af7d1964a71 Marschall [Page 5]VTS/WF STD. 5 ViaThinkSoft MHA1 4 September 2024
5 Reference implementation
// Implementation in PHP, with hex output function mha1($password, $iteratedSalt, $iterations, $base_algo) { assert($iterations >= 1); $m = $password; for ($i=1; $i<=$iterations; $i++) { $m = hash($base_algo, $iteratedSalt.$m.$iteratedSalt, true/*binary*/); } return bin2hex($m); } // Framework for PHP, with MCF output and auto-generated salt: // https://github.com/danielmarschall/php_utils/blob/master/ // vts_crypt.inc.php include 'vts_crypt.inc.php'; $hash = vts_password_hash($data, PASSWORD_VTS_MHA1, ['algo'=>'sha1', 'salt_length'=>16, 'iterations'=>1987]); assert(vts_password_verify($data, $hash));6 Security Considerations
Hash values play a crucial role in various security contexts, such as password verification. For detailed guidance on securely managing hashes, please consult the relevant literature or documentation. MHA1 might be prone to collisions because the probability of collisions increases with the iterations.6.1 Runtime complexity
The number of hash OPs is <iterations>.7 IANA Considerations
There are no IANA Considerations.8 References
6.1 Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <https://www.rfc-editor.org/info/rfc2119>. Marschall [Page 6]VTS/WF STD. 5 ViaThinkSoft MHA1 4 September 2024