VIATHINKSOFT/WEBFAN D. Marschall SPECIFICATION No. 5 ViaThinkSoft First Draft: 2011 4 September 2024 === Marschall Hash 1 (MHA1) === Abstract This document describes the hash algorithm MHA1. Identification of this Document Revision: 2024-09-04 State: Deprecated Filename: viathinksoft-std-0005-mha1.txt URN: urn:x-viathinksoft:std:0005:2024-09-04 OID: 1.3.6.1.4.1.37476.3.2.1.1 { iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) 37476 specifications(3) algorithm(2) hash(1) mha1(1) } WEID: weid:pen:SX0-3-2-1-1-1 IETF/RFC: (None) Attachments Reference implementation in PHP: https://github.com/danielmarschall/php_utils/blob/master/ vts_crypt.inc.php Copyright Notice Copyright (c) 2011-2024 ViaThinkSoft and the persons identified as the document authors. All rights reserved. Licensed under the terms of the Apache 2.0 License. Marschall [Page 1] VTS/WF STD. 5 ViaThinkSoft MHA1 4 September 2024 Table of Contents 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1 Terminology . . . . . . . . . . . . . . . . . . . . . . . . 3 2 Definition . . . . . . . . . . . . . . . . . . . . . . . . . . 3 3 Notation . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 3.1 Modular Crypt Format Notation . . . . . . . . . . . . . . . 3 3.2 Heterogenous Systems Notation . . . . . . . . . . . . . . . 4 4 Test Vectors . . . . . . . . . . . . . . . . . . . . . . . . . 5 5 Reference implementation . . . . . . . . . . . . . . . . . . . 6 6 Security Considerations . . . . . . . . . . . . . . . . . . . . 6 6.1 Runtime complexity . . . . . . . . . . . . . . . . . . . . 6 7 RA Considerations . . . . . . . . . . . . . . . . . . . . . . . 6 8 References . . . . . . . . . . . . . . . . . . . . . . . . . . 8 6.1 Normative References . . . . . . . . . . . . . . . . . . . 8 6.2 Informative References . . . . . . . . . . . . . . . . . . 8 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . . 8 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 8 Marschall [Page 2] VTS/WF STD. 5 ViaThinkSoft MHA1 4 September 2024 1 Introduction MHA is a hash function which performs multiple hash iterations on a base hash function. It should be save even if the base hash function is broken. This function is pretty slow because of the iterations, but therefore secure against offline attacks or rainbowtables. Also, the slowlyness of this hash makes the creation of rainbow tables much harder. 1.1 Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. 2 Definition MHA(x, iteratedSalt, iterations) = rec(iterations, x, iteratedSalt). rec[n, x, iteratedSalt] = iteratedSalt || rec[n-1, x, iteratedSalt] || iteratedSalt. rec[0, x, iteratedSalt] = x. 3 Notation 3.1 Modular Crypt Format Notation Format of the MCF: $$$$ is 1.3.6.1.4.1.37476.3.2.1.1 is a=,i= where is any valid hash algorithm (name scheme of PHP hash_algos() preferred), e.g. - sha3-512 - sha3-384 - sha3-256 - sha3-224 - sha512 - sha512/256 Marschall [Page 3] VTS/WF STD. 5 ViaThinkSoft MHA1 4 September 2024 - sha512/224 - sha384 - sha256 - sha224 - sha1 - md5 Not possible with MHA1 are these hashes (because they have a special salt-handling and output their own crypt format): - bcrypt [Standardized crypt identifier 2, 2a, 2x, 2y] - argon2i [Crypt identifier argon2i, not standardized] - argon2id [Crypt identifier argon2i, not standardized] are the iterations. Like most Crypt-hashes, and are Radix64 coded without padding and with alphabet './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'. 3.2 Heterogenous Systems Notation The "heterogenous systems notation" (HSN) is DEPRECATED in favor of the modular crypt format notation! $$$$ - is the OID for a MHA1 algorithm in its dot-notation without leading dot, which is 1.3.6.1.4.1.37476.3.2.1.1 This OID has ASN.1 Notation: { iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) 37476 specification(3) algorithm(2) hash(1) mha1(1) } - should be an OID which represents the base hash ("H") algorithm used, in dot-notation. The following table shows the OIDs which have been assigned for exchange between heterogenous systems. If you want to use a different hash algorithm or a derivate of it, please define your own OID (you can use an UUID OID, get a free IANA PEN OID, or a free ViaThinkSoft OID), but please do not use this arc, since only ViaThinkSoft may maintain it. -------------------------------------------------------------- Base algorithm OID proposal -------------------------------------------------------------- Message Digest 4 (MD4) 1.3.6.1.4.1.37476.3.2.1.99.1 Message Digest 5 (MD5) 1.3.6.1.4.1.37476.3.2.1.99.2 Marschall [Page 4] VTS/WF STD. 5 ViaThinkSoft MHA1 4 September 2024 RIPEMD-160 1.3.6.1.4.1.37476.3.2.1.99.3 Secure Hash Algorithm 1.3.6.1.4.1.37476.3.2.1.99.4 Secure Hash Algorithm 1 1.3.6.1.4.1.37476.3.2.1.99.5 Secure Hash Algorithm 2/224 1.3.6.1.4.1.37476.3.2.1.99.6.224 Secure Hash Algorithm 2/256 1.3.6.1.4.1.37476.3.2.1.99.6.256 Secure Hash Algorithm 2/384 1.3.6.1.4.1.37476.3.2.1.99.6.384 Secure Hash Algorithm 2/512 1.3.6.1.4.1.37476.3.2.1.99.6.512 Secure Hash Algorithm 3/224 1.3.6.1.4.1.37476.3.2.1.99.7.224 Secure Hash Algorithm 3/256 1.3.6.1.4.1.37476.3.2.1.99.7.256 Secure Hash Algorithm 3/384 1.3.6.1.4.1.37476.3.2.1.99.7.384 Secure Hash Algorithm 3/512 1.3.6.1.4.1.37476.3.2.1.99.7.512 -------------------------------------------------------------- - is the number of iterations, e.g. 1987. - is the iterated salt used for MHA1, encoded in Base64. - is the resulting hash, encoded in Base64. 4 Test Vectors MHA1 - Base algo 'sha1', Input '', Salt '', Iterations 1987 MCF: $1.3.6.1.4.1.37476.3.2.1.1$a=sha1,i=1987$$SMJt5BeI3z2Q577 2DcQUXiFBHmO HSN: 1.3.6.1.4.1.37476.3.2.1.1$1.3.6.1.4.1.37476.3.2.1.99.5$19 87$$UOLv7DgK5/4S7994FeSWZkHDJoQ= Hex: 50e2efec380ae7fe12efdf7815e4966641c32684 MHA1 - Base algo 'sha1', Input 'The quick brown fox jumps over the lazy dog', Salt '', Iterations 1987 MCF: $1.3.6.1.4.1.37476.3.2.1.1$a=sha1,i=1987$$9obb16qgeksp9r4 iSz.o77EUQlC HSN: 1.3.6.1.4.1.37476.3.2.1.1$1.3.6.1.4.1.37476.3.2.1.99.5$19 87$$Bqdd38sigmurBt6kU/0q99GWSnE= Hex: 06a75ddfcb22826bab06dea453fd2af7d1964a71 Marschall [Page 5] VTS/WF STD. 5 ViaThinkSoft MHA1 4 September 2024 5 Reference implementation // Implementation in PHP, with hex output function mha1($password, $iteratedSalt, $iterations, $base_algo) { assert($iterations >= 1); $m = $password; for ($i=1; $i<=$iterations; $i++) { $m = hash($base_algo, $iteratedSalt.$m.$iteratedSalt, true/*binary*/); } return bin2hex($m); } // Framework for PHP, with MCF output and auto-generated salt: // https://github.com/danielmarschall/php_utils/blob/master/ // vts_crypt.inc.php include 'vts_crypt.inc.php'; $hash = vts_password_hash($data, PASSWORD_VTS_MHA1, ['algo'=>'sha1', 'salt_length'=>16, 'iterations'=>1987]); assert(vts_password_verify($data, $hash)); 6 Security Considerations Hash values play a crucial role in various security contexts, such as password verification. For detailed guidance on securely managing hashes, please consult the relevant literature or documentation. MHA1 might be prone to collisions because the probability of collisions increases with the iterations. 6.1 Runtime complexity The number of hash OPs is . 7 RA Considerations OID: 1.3.6.1.4.1.37476.3.2.1.1 WEID: weid:pen:SX0-3-2-1-1-1 ASN1: { iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) 37476 specifications(3) algorithm(2) hash(1) mha1(1)|mha-family(1) } IRI: /.../Specifications/Algorithm/Hash/MHA1|MHA-Family Marschall [Page 6] VTS/WF STD. 5 ViaThinkSoft MHA1 4 September 2024 Deprecated children: + mha(0), IRI MHA + ... illegal(0) + ... mha-1987(1987) + ... ... binary(0) + ... ... base64(1) + ... ... hexadecimal(2)|base16(2) + md5mha(1), IRI Md5MHA + ... illegal(0) + ... md5mha-1987(1987) + ... ... binary(0) + ... ... base64(1) + ... ... hexadecimal(2)|base16(2) OID: 1.3.6.1.4.1.37476.3.2.1.99 ASN1: { iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) 37476 specifications(3) algorithm(2) hash(1) foreign(99) } IRI: /.../Specifications/Algorithm/Hash/Foreign WEID: weid:pen:SX0-3-2-1-2R-2 Children: + md4(1), IRI MD4 + md5(3), IRI MD5 + ripemd160(3), IRI RIPEMD-160 + sha0(4), IRI SHA0 + sha1(5), IRI SHA1 + sha2(6), IRI SHA2 + ... 224 + ... 256 + ... 384 + ... 512 + ... ... 224 + ... ... 256 + sha3(7), IRI SHA3 + ... 224 + ... 256 + ... 384 + ... 512 + shake(8), IRI SHAKE + ... 128 + ... 256 Marschall [Page 7] VTS/WF STD. 5 ViaThinkSoft MHA1 4 September 2024 8 References 6.1 Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . 6.2 Informative References None Acknowledgements I would like to thank Melanie Wehowski for her long time support in OIDplus and WEID projects. This document was written in Nroff Internet Draft Editor by 3xA Security. https://aaa-sec.com/nroffedit/ https://misc.daniel-marschall.de/patches/nroffedit/ ("year 2020" patch) Authors' Addresses Daniel Marschall Postfach 11 53 69243 Bammental Germany Email: daniel-marschall@viathinksoft.de URI: https://www.viathinksoft.com/ Marschall [Page 8]