January 18, 2021
Message Authentication: Unlocking the Secrets of the Java Cryptography Extensions

  • By David Thurmond

In my article "Unlocking the Secrets of Java Cryptography Extensions: The Basics," I introduced you to the Java Cryptography Extension and the theory of encrypting and decrypting data. But, how can you be sure of the integrity of your encrypted data? Encryption and decryption are only part of the picture. Here, you will learn about message authentication codes (MAC), and how to verify that the message you received is really what was sent.

What Is Message Authentication?

Message authentication is a procedure for checking the integrity of a secret message upon receipt and decryption. To authenticate a deciphered message, the recipient applies a mathematical function called a cryptographic hash function to the decrypted plaintext and checks the resulting value against an identically computed value that was also received from the message sender. If the two values agree, the message is legitimate; if not, it is likely that the message was intercepted and changed before reaching the recipient.

Ideally, the hash value from the message sender comes to the recipient separately from the message. This adds an extra layer of security to the exchange because anyone intercepting the message must also intercept the hash code, and must know how to recompute the hash code for their new, different message.

Although this sounds pretty secure, it is certainly not foolproof. Listing 1 shows an absurdly simple example of a "cryptographic" hash function that computes a hash value based on a simple numeric value being assigned to the characters in the message.

Listing 1: SimpleCryptoHash.java

package com.dlt.developer.mac;

import java.io.*;
import java.util.HashMap;

public class SimpleCryptoHash {
   // Maps each permitted character to its position in the alphabet string.
   private HashMap<String, Integer> codeMap;

   public SimpleCryptoHash() {
      codeMap = new HashMap<String, Integer>();
      StringBuffer sb = new
         StringBuffer(" ABCDEFGHIJKLMNOPQRSTUVWXYZ.,?!");
      for (int value = 0; value < sb.length(); value++) {
         String key = String.valueOf(sb.charAt(value));
         codeMap.put(key, Integer.valueOf(value));
      }    // for value
   }       // SimpleCryptoHash()

   public String getPlainText() {
      System.out.print("Enter plaintext:");
      String plaintext = "";
      BufferedReader br =
         new BufferedReader(new InputStreamReader(System.in));
      try {
         plaintext = br.readLine();
      } catch (IOException ioe) {
         System.out.println("IO error trying to read plaintext!");
      }    // catch
      return plaintext;
   }       // getPlainText()

   // The "hash" is simply the sum of the code-map values of the characters,
   // so any two messages whose character values add up to the same total collide.
   public int getHashCode(String plaintext)
      throws IllegalArgumentException {
      int hashCode = 0;
      StringBuffer sb = new StringBuffer(plaintext.toUpperCase());
      for (int i = 0; i < sb.length(); i++) {
         String key = String.valueOf(sb.charAt(i));
         Integer val = codeMap.get(key);
         if (val == null) {
            throw new IllegalArgumentException("The character " +
               key + " is not in the code map.");
         }    // if
         hashCode = hashCode + val.intValue();
      }       // for i
      return hashCode;
   }          // getHashCode()

   public static void main(String[] args) {
      System.out.println("This program generates a simple hashcode " +
                         "for the plaintext you enter.");
      SimpleCryptoHash theHash = new SimpleCryptoHash();
      String plaintext = theHash.getPlainText();
      int hashCode = theHash.getHashCode(plaintext);
      System.out.println("The hashcode for the plaintext \'" +
                         plaintext + "\' is " + hashCode);
   }    // main()

}    // SimpleCryptoHash

Following is sample output from running this program:

This program generates a simple hashcode for the plaintext you enter.
Enter plaintext:Attack at dawn!
The hashcode for the plaintext 'Attack at dawn!' is 149

Running the program a second time shows the fatal flaw in my cryptographic hash function:

This program generates a simple hashcode for the plaintext you enter.
Enter plaintext:Surrender.
The hashcode for the plaintext 'Surrender.' is 149
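The collision above, and the earlier point that an interceptor must be able to recompute the check value for a substituted message, can both be seen in one program. The following is an added example, not code from the article: it reimplements the additive scheme of Listing 1 as a single method, computes an HMAC-SHA256 tag for the same two messages with the standard javax.crypto.Mac class, and performs the recipient-side check with a constant-time comparison. The class name, the method names and the demo key are assumptions made for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class MacCollisionDemo {

   // Same alphabet as Listing 1: each character maps to its index here and
   // the "hash" is the sum of those indices.
   private static final String ALPHABET = " ABCDEFGHIJKLMNOPQRSTUVWXYZ.,?!";

   public static int additiveHash(String plaintext) {
      int sum = 0;
      for (char c : plaintext.toUpperCase().toCharArray()) {
         int value = ALPHABET.indexOf(c);
         if (value < 0) {
            throw new IllegalArgumentException(
               "The character " + c + " is not in the code map.");
         }
         sum += value;
      }
      return sum;
   }

   // HMAC-SHA256 over the message. The key is shared between sender and
   // recipient out of band; without it, an interceptor cannot produce a
   // valid tag for a substituted message.
   public static byte[] hmacSha256(byte[] key, String message) throws Exception {
      Mac mac = Mac.getInstance("HmacSHA256");
      mac.init(new SecretKeySpec(key, "HmacSHA256"));
      return mac.doFinal(message.getBytes(StandardCharsets.UTF_8));
   }

   // Recipient-side check: recompute the tag and compare in constant time so
   // the comparison does not leak how many leading bytes matched.
   public static boolean verify(byte[] key, String message, byte[] receivedTag)
         throws Exception {
      return MessageDigest.isEqual(hmacSha256(key, message), receivedTag);
   }

   private static String hex(byte[] bytes) {
      StringBuilder sb = new StringBuilder();
      for (byte b : bytes) {
         sb.append(String.format("%02x", b));
      }
      return sb.toString();
   }

   public static void main(String[] args) throws Exception {
      String original = "Attack at dawn!";
      String forged = "Surrender.";
      // Constructed demo key for this example only; a real deployment would
      // use a randomly generated secret (for example from
      // javax.crypto.KeyGenerator) distributed over a secure channel.
      byte[] key = "demo-shared-secret-key".getBytes(StandardCharsets.UTF_8);

      // Both messages sum to 149 under the additive scheme, as in the article.
      System.out.println("Additive hash of '" + original + "': " + additiveHash(original));
      System.out.println("Additive hash of '" + forged + "':   " + additiveHash(forged));

      // Under a keyed MAC the two messages produce different tags.
      byte[] tag = hmacSha256(key, original);
      System.out.println("HMAC-SHA256 of '" + original + "': " + hex(tag));
      System.out.println("HMAC-SHA256 of '" + forged + "':   " + hex(hmacSha256(key, forged)));

      // The recipient accepts the genuine message and rejects the substitution.
      System.out.println("Verify original: " + verify(key, original, tag));
      System.out.println("Verify forged:   " + verify(key, forged, tag));
   }
}
```

Two design points are worth noting. First, the tag is keyed: the sender's additive hash can be recomputed by anyone who reads the message, whereas an HMAC tag can only be recomputed by a party holding the shared secret, which is the property the article's "must know how to recompute the hash code" sentence is really asking for. Second, the check uses MessageDigest.isEqual rather than Arrays.equals, because the latter returns as soon as it finds a mismatching byte and so leaks timing information about the expected tag.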

Page 1 of 4

This article was originally published on December 1, 2008
