VIATHINKSOFT/WEBFAN D. Marschall SPECIFICATION No. 7 ViaThinkSoft First Draft: 2018 4 September 2024 === Marschall Hash 3 (MHA3) === Abstract This document describes the hash algorithm MHA3. Identification of this Document Revision: 2024-09-04 State: Deprecated Filename: viathinksoft-std-0007-mha3.txt URN: urn:x-viathinksoft:std:0007:2024-09-04 OID: 1.3.6.1.4.1.37476.3.2.1.3 { iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) 37476 specifications(3) algorithm(2) hash(1) mha3(3) } WEID: weid:pen:SX0-3-2-1-3-7 IETF/RFC: (None) Attachments Reference implementation in PHP: https://github.com/danielmarschall/php_utils/blob/master/ vts_crypt.inc.php Copyright Notice Copyright (c) 2018-2024 ViaThinkSoft and the persons identified as the document authors. All rights reserved. Licensed under the terms of the Apache 2.0 License. Marschall [Page 1] VTS/WF STD. 7 ViaThinkSoft MHA3 4 September 2024 Table of Contents 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1 Terminology . . . . . . . . . . . . . . . . . . . . . . . . 3 2 Definition . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2.1 Example . . . . . . . . . . . . . . . . . . . . . . . . . . 4 3 Notation . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 3.1 Modular Crypt Format Notation . . . . . . . . . . . . . . . 4 3.2 Heterogenous Systems Notation . . . . . . . . . . . . . . . 5 4 Test Vectors . . . . . . . . . . . . . . . . . . . . . . . . . 6 5 Reference implementation . . . . . . . . . . . . . . . . . . . 7 6 Security Considerations . . . . . . . . . . . . . . . . . . . . 8 6.1 Runtime complexity . . . . . . . . . . . . . . . . . . . . 8 7 RA Considerations . . . . . . . . . . . . . . . . . . . . . . . 8 8 References . . . . . . . . . . . . . . . . . . . . . . . . . . 9 6.1 Normative References . . . . . . . . . . . . . . . . . . . 9 6.2 Informative References . . . . . . . . . . . . . . . . . . 9 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . . 9 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 9 Marschall [Page 2] VTS/WF STD. 7 ViaThinkSoft MHA3 4 September 2024 1 Introduction MHA3 is a method to strengthen a weak hash function, e.g. in case that the development environment or hardware does not allow using a new implementation of a modern hash variant like SHA256 or SHA3. MHA3 was designed with following goals: 1. It should be simple to implement 2. The memory usage should be low 3. The calculation time should be high, to avoid brute force; the complexity can be defined by the number of iterations 4. The length of the hash should be variable, i.e. "Extendable-Output Function" (XOF) 5. It should hardening each hash, crc32 as well as md5 6. If the base hash function is compromised, MHA3 would be still safe. 1.1 Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. 2 Definition MHA3(C,L,I) := A(C,L,0) xor ... xor A(C,L,I-1) with: A(C,L,n) := B(C,n*L) & ... & B(C,n*L+(L-1)) B(C,n) := Q(H(C & (R^n))) Symbols: C: input data. L: Desired length of the hash in bytes (L >= 1). I: Number of iterations (I >= 1). Marschall [Page 3] VTS/WF STD. 7 ViaThinkSoft MHA3 4 September 2024 & is concatenation. H(s) is an existing hash function (unsalted). Q(s) is the sum of all bytes mod 256 of the string s. R is a constant value. We choose the single byte 0x01. R^n are n repetitions (concatenations) of R. 2.1 Example First step: MHA3("test",3,2) = A("test",3,0) xor A("test",3,1) A("test",3,0) = B("test",0) & B("test",1) & B("test",2) A("test",3,1) = B("test",3) & B("test",4) & B("test",5) B("test",0) = Q(H("test")) B("test",1) = Q(H("test" & 0x01)) B("test",2) = Q(H("test" & 0x01 & 0x01)) B("test",3) = Q(H("test" & 0x01 & 0x01 & 0x01)) B("test",4) = Q(H("test" & 0x01 & 0x01 & 0x01 & 0x01)) B("test",5) = Q(H("test" & 0x01 & 0x01 & 0x01 & 0x01 & 0x01)) Second step: MHA3("test",3,2) = (B("test",0) & B("test",1) & B("test",2)) xor (B("test",3) & B("test",4) & B("test",5)) Third step: MHA3("test",3,2) = (Q(H("test"&(R^0))) & Q(H("test"&(R^1))) & Q(H("test"&(R^2)))) xor (Q(H("test"&(R^3))) & Q(H("test"&(R^4))) & Q(H("test"&(R^5)))) 3 Notation 3.1 Modular Crypt Format Notation Format of the MCF: $$$$ is 1.3.6.1.4.1.37476.3.2.1.1 Marschall [Page 4] VTS/WF STD. 7 ViaThinkSoft MHA3 4 September 2024 is a=,i=,l= where is any valid hash algorithm (name scheme of PHP hash_algos() preferred), e.g. - sha3-512 - sha3-384 - sha3-256 - sha3-224 - sha512 - sha512/256 - sha512/224 - sha384 - sha256 - sha224 - sha1 - md5 Not possible with MHA3 are these hashes (because they have a special salt-handling and output their own crypt format): - bcrypt [Standardized crypt identifier 2, 2a, 2x, 2y] - argon2i [Crypt identifier argon2i, not standardized] - argon2id [Crypt identifier argon2i, not standardized] are the iterations. are the length. is always empty for MHA3. Like most Crypt-hashes, is Radix64 coded without padding and with alphabet './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'. 3.2 Heterogenous Systems Notation The "heterogenous systems notation" (HSN) is DEPRECATED in favor of the modular crypt format notation! $$$$ - is the OID for a MHA3 algorithm in its dot-notation without leading dot, which is 1.3.6.1.4.1.37476.3.2.1.3 This OID has ASN.1 Notation: { iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) 37476 specification(3) algorithm(2) hash(1) mha3(3) } Marschall [Page 5] VTS/WF STD. 7 ViaThinkSoft MHA3 4 September 2024 - should be an OID which represents the base hash ("H") algorithm used, in dot-notation. The following table shows the OIDs which have been assigned for exchange between heterogenous systems. If you want to use a different hash algorithm or a derivate of it, please define your own OID (you can use an UUID OID, get a free IANA PEN OID, or a free ViaThinkSoft OID), but please do not use this arc, since only ViaThinkSoft may maintain it. -------------------------------------------------------------- Base algorithm OID proposal -------------------------------------------------------------- Message Digest 4 (MD4) 1.3.6.1.4.1.37476.3.2.1.99.1 Message Digest 5 (MD5) 1.3.6.1.4.1.37476.3.2.1.99.2 RIPEMD-160 1.3.6.1.4.1.37476.3.2.1.99.3 Secure Hash Algorithm 1.3.6.1.4.1.37476.3.2.1.99.4 Secure Hash Algorithm 1 1.3.6.1.4.1.37476.3.2.1.99.5 Secure Hash Algorithm 2/224 1.3.6.1.4.1.37476.3.2.1.99.6.224 Secure Hash Algorithm 2/256 1.3.6.1.4.1.37476.3.2.1.99.6.256 Secure Hash Algorithm 2/384 1.3.6.1.4.1.37476.3.2.1.99.6.384 Secure Hash Algorithm 2/512 1.3.6.1.4.1.37476.3.2.1.99.6.512 Secure Hash Algorithm 3/224 1.3.6.1.4.1.37476.3.2.1.99.7.224 Secure Hash Algorithm 3/256 1.3.6.1.4.1.37476.3.2.1.99.7.256 Secure Hash Algorithm 3/384 1.3.6.1.4.1.37476.3.2.1.99.7.384 Secure Hash Algorithm 3/512 1.3.6.1.4.1.37476.3.2.1.99.7.512 -------------------------------------------------------------- - is the length of the resulting hash in bytes, e.g. 500. - is the number of iterations, e.g. 16. - is the resulting hash, encoded in Base64. 4 Test Vectors MHA3 - Base algo 'sha1', Input '', Length '16', Iterations 500 MCF: $1.3.6.1.4.1.37476.3.2.1.3$a=sha1,i=500,l=16$$YWyFPPG1f7D hBv.I9m78zu HSN: 1.3.6.1.4.1.37476.3.2.1.2$1.3.6.1.4.1.37476.3.2.1.99.5$16 $500$aY+HRRI3h9FjDx0KBo9A/w== Hex: 698f8745123787d1630f1d0a068f40ff MHA3 - Base algo 'sha1', Input '', Length '32', Iterations 500 MCF: $1.3.6.1.4.1.37476.3.2.1.3$a=sha1,i=500,l=32$$/A89J91ZJhZ BOB5ahi.SVily.e466dkslCi8b92eGA6 HSN: 1.3.6.1.4.1.37476.3.2.1.2$1.3.6.1.4.1.37476.3.2.1.99.5$32 $500$1CABLB3bLjbDQD7cjk0UXkn+0g688fmunEkAdB4gIC8= Marschall [Page 6] VTS/WF STD. 7 ViaThinkSoft MHA3 4 September 2024 Hex: d420012c1ddb2e36c3403edc8e4d145e49fed20ebcf1f9ae9c4900741 e20202f MHA3 - Base algo 'sha1', Input 'The quick brown fox jumps over the lazy dog', Length '16', Iterations 500 MCF: $1.3.6.1.4.1.37476.3.2.1.3$a=sha1,i=500,l=16$$E183Xe/hsyN CTxYVuPvC1u HSN: 1.3.6.1.4.1.37476.3.2.1.2$1.3.6.1.4.1.37476.3.2.1.99.5$16 $500$G3A5Zg1ju+PEVzaXwRxE3w== Hex: 1b7039660d63bbe3c4573697c11c44df MHA3 - Base algo 'sha1', Input 'The quick brown fox jumps over the lazy dog', Length '32', Iterations 500 MCF: $1.3.6.1.4.1.37476.3.2.1.3$a=sha1,i=500,l=32$$x6av.OpWEDf bTdD6sprBQv4RGInHuhuJ0MFrmyYbela HSN: 1.3.6.1.4.1.37476.3.2.1.2$1.3.6.1.4.1.37476.3.2.1.99.5$32 $500$z8cx0QrYGFhdVfF8urtDSx6TIKpJwjwL2OHto+adgnc= Hex: cfc731d10ad818585d55f17cbabb434b1e9320aa49c23c0bd8e1eda3e 69d8277 5 Reference implementation // Implementation in PHP, with hex output function bytesum_mod256($x) { $res = 0; for ($i=0; $i=1); $out = array(); for ($l=0; $l<$length; $l++) { $out[$l] = 0; } for ($i=0; $i<$iterations; $i++) { for ($l=0; $l<$length; $l++) { $n = $i*$length + $l; $salt = str_repeat(chr(1), $n); $out[$l] ^= bytesum_mod256( hash($base_algo, $content.$salt, true)); } } return array_to_binarystring($out); } Marschall [Page 7] VTS/WF STD. 7 ViaThinkSoft MHA3 4 September 2024 // Framework for PHP, with MCF output: // https://github.com/danielmarschall/php_utils/blob/master/ // vts_crypt.inc.php include 'vts_crypt.inc.php'; $hash = vts_password_hash($data, PASSWORD_VTS_MHA3, ['algo'=>'sha1', 'length'=>32, 'iterations'=>500]); assert(vts_password_verify($data, $hash)); 6 Security Considerations Hash values play a crucial role in various security contexts, such as password verification. For detailed guidance on securely managing hashes, please consult the relevant literature or documentation. MHA3 has not been proved to be secure. Use it with caution. 6.1 Runtime complexity The number of hash OPs is times . 7 RA Considerations OID: 1.3.6.1.4.1.37476.3.2.1.3 WEID: weid:pen:SX0-3-2-1-3-7 ASN1: { iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) 37476 specifications(3) algorithm(2) hash(1) mha3(3) } IRI: /.../Specifications/Algorithm/Hash/MHA3 OID: 1.3.6.1.4.1.37476.3.2.1.99 ASN1: { iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprise(1) 37476 specifications(3) algorithm(2) hash(1) foreign(99) } IRI: /.../Specifications/Algorithm/Hash/Foreign WEID: weid:pen:SX0-3-2-1-2R-2 Children: + md4(1), IRI MD4 + md5(3), IRI MD5 + ripemd160(3), IRI RIPEMD-160 + sha0(4), IRI SHA0 + sha1(5), IRI SHA1 + sha2(6), IRI SHA2 + ... 224 + ... 256 + ... 384 + ... 512 Marschall [Page 8] VTS/WF STD. 7 ViaThinkSoft MHA3 4 September 2024 + ... ... 224 + ... ... 256 + sha3(7), IRI SHA3 + ... 224 + ... 256 + ... 384 + ... 512 + shake(8), IRI SHAKE + ... 128 + ... 256 8 References 6.1 Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . 6.2 Informative References None Acknowledgements I would like to thank Melanie Wehowski for her long time support in OIDplus and WEID projects. This document was written in Nroff Internet Draft Editor by 3xA Security. https://aaa-sec.com/nroffedit/ https://misc.daniel-marschall.de/patches/nroffedit/ ("year 2020" patch) Authors' Addresses Daniel Marschall Postfach 11 53 69243 Bammental Germany Email: daniel-marschall@viathinksoft.de URI: https://www.viathinksoft.com/ Marschall [Page 9]