Friday, March 13, 2020

Resolution against NPR moved in Delhi assembly

Environment minister Gopal Rai on Friday moved a resolution in the Delhi Assembly against the implementation of the National Population Register in the national capital and said if executed, it should be applied using the procedure of 2010.

Rai said the National Population Register (NPR) and National Register of Citizens(NRC) are not only meant for a "particular religion" but will also impact the majority population.

"... Such a type of thing did not happen even during the British rule. This is raising questions on every person's citizenship," he said in the Assembly.

"NPR should not be implemented in Delhi and if it is implemented, it should be done according to the procedure followed in 2010," Rai said.

The Delhi government called a one-day special assembly session on the NRC-NPR issue and the coronavirus situation in the national capital.

The Delhi Assembly passed a resolution against the National Population Register (NPR) and the National Register of Citizens (NRC) on Friday.

The resolution "earnestly" appealed to the Centre to withdraw and not carry out the whole exercise of NRC and NPR "in the interest of the nation, particularly when the economy is witnessing the worst-ever downslide and unemployment is witnessing a terrifying growth, and with the threat of the corona pandemic looming large".

It also said "should the Government of India insist on going ahead" with the exercise, it should be restricted to carrying out the NPR only with its 2010 format and no new fields added to it.

Delhi joins the list of the assemblies of Puducherry, Punjab, Madhya Pradesh, Kerala and West Bengal in passing resolutions either against the Citizenship (Amendment) Act (CAA) or the NRC or the NPR.

At a special daylong session of the Delhi Assembly, which was held to discuss the NPR and the NRC, Chief Minister Arvind Kejriwal requested the Centre to withdraw the documents since those were inter-linked.

"Me, my wife, my entire cabinet do not have birth certificates to prove citizenship. Will we be sent to detention centres?," he asked.

The Aam Aadmi Party (AAP) supremo challenged Union ministers to show their birth certificates issued by the government.

He asked the MLAs to raise their hands if they had birth certificates, following which only nine legislators in the 70-member House raised their hands.

"Sixty-one members of the House do not have birth certificates," Kejriwal said, adding, "Will they be sent to detention centres?" He claimed that with the NPR being implemented from next month, not only Muslims, but also Hindus who do not have birth certificates issued by a government agency will be affected.

Coronavirus Disease 2019 (COVID-19)

Stay home for 14 days from the time you left an area with widespread, ongoing community spread (Level 3 Travel Health Notice countries) and practice social distancing.

Take these steps to monitor your health and practice social distancing:

Take your temperature with a thermometer two times a day and monitor for fever. Also watch for cough or trouble breathing.
Stay home and avoid contact with others. Do not go to work or school for this 14-day period. Discuss your work situation with your employer before returning to work.
Do not take public transportation, taxis, or ride-shares during the time you are practicing social distancing.
Avoid crowded places (such as shopping centers and movie theaters) and limit your activities in public.
Keep your distance from others (about 6 feet or 2 meters).

Anti-viral foods

Coronavirus: Anti-viral foods to build immunity and keep diseases away

With three confirmed cases of the Coronavirus (n-COV) in India, the focus remains on treatment as well as prevention of the deadly virus that is said to have its origin from a seafood market in China's Wuhan.

Symptoms of Coronavirus

A runny nose accompanied by fever, cough, headaches, sore throat, breathing issues, inflammation in the lungs, but not to be confused with pneumonia. This virus has an incubation period of 14 days. So if you have any of these symptoms persisting for more than six-seven days, consult a medical practitioner. The faster you boost your immunity, the better it is, mentioned Coutinho.

Anti-viral foods in your diet

Garlic

It is a powerful anti-viral. It can be eaten raw, mashed or can be added to soups. Mix chopped raw garlic with a tablespoon of unpasteurised, raw honey and consume a clove every day after two to three days. It's a fantastic way to boost your immune system, mentioned Coutinho.

Star anise

The flower-shaped spice contains shikimic acid that is used as a base material for the production of Tamiflu, which is used for influenza virus. It is super powerful as an anti-viral. Take star anise and boil it in water and add it to your teas like green tea or black tea.

Ginger

Count on these foods to boost your immunity. (Source: File Photo)

Take mashed ginger and star anise, and make a concoction by adding little raw, unpasteurised honey.

Coconut oil

You can cook your food in pure cold-pressed coconut oil or even have it raw. Lauric acid and caprylic acid present in it are essential for boosting the immune system against virals.

Resveratrol

Foods rich in resveratrol such as peanuts, pistachios, grapes, red, white wine, blueberries, cranberries, strawberries, and even cocoa and dark chocolate are helpful to fight fungal infection, ultraviolet radiation, stress, and injury.

Symptoms of coronavirus

The symptoms of coronavirus are:

a cough
a high temperature
shortness of breath

But these symptoms do not necessarily mean you have the illness.

The symptoms are similar to other illnesses that are much more common, such as cold and flu.

How coronavirus is spread

Because it's a new illness, we do not know exactly how coronavirus spreads from person to person.

Similar viruses are spread in cough droplets.

It's very unlikely it can be spread through things like packages or food.

Do I need to avoid public places?

Most people can continue to go to work, school and other public places.

You only need to stay away from public places (self-isolate) if advised to by the 111 online coronavirus service or a medical professional.

Prevention

There is currently no vaccine to prevent coronavirus disease 2019 (COVID-19). The best way to prevent illness is to avoid being exposed to this virus. However, as a reminder, CDC always recommends everyday preventive actions to help prevent the spread of respiratory diseases, including:

Avoid close contact with people who are sick.

Avoid touching your eyes, nose, and mouth.

Stay home when you are sick.

Cover your cough or sneeze with a tissue, then throw the tissue in the trash.

Clean and disinfect frequently touched objects and surfaces using a regular household cleaning spray or wipe.

Follow CDC’s recommendations for using a facemask.

CDC does not recommend that people who are well wear a facemask to protect themselves from respiratory diseases, including COVID-19.

Facemasks should be used by people who show symptoms of COVID-19 to help prevent the spread of the disease to others. The use of facemasks is also crucial for health workers and people who are taking care of someone in close settings (at home or in a health care facility).

VIRUSES AND RELATED THREATS

Perhaps the most sophisticated types of threats to computer systems are presented by programs that exploit vulnerabilities in computing systems.

Malicious software can be divided into two categories: those that need a host program, and those that are independent. The former are essentially fragments of programs that cannot exist independently of some actual application program, utility, or system program. Viruses, logic bombs, and backdoors are examples. The latter are self-contained programs that can be scheduled and run by the operating system. Worms and zombie programs are examples.

The Nature of Viruses

A virus is a piece of software that can "infect" other programs by modifying them; the modification includes a copy of the virus program, which can then go on to infect other programs. A virus can do anything that other programs do. The only difference is that it attaches itself to another program and executes secretly when the host program is run. Once a virus is executing, it can perform any function, such as erasing files and programs.

During its lifetime, a typical virus goes through the following four phases:

Dormant phase: The virus is idle. The virus will eventually be activated by some event, such as a date, the presence of another program or file, or the capacity of the disk exceeding some limit. Not all viruses have this stage.

Propagation phase: The virus places an identical copy of itself into other programs or into certain system areas on the disk. Each infected program will now contain a clone of the virus, which will itself enter a propagation phase.

Triggering phase: The virus is activated to perform the function for which it was intended. As with the dormant phase, the triggering phase can be caused by a variety of system events, including a count of the number of times that this copy of the virus has made copies of itself.

Execution phase: The function is performed. The function may be harmless, such as a message on the screen, or damaging, such as the destruction of programs and data files.

Virus Structure

A virus can be prepended or postpended to an executable program, or it can be embedded in some other fashion. The key to its operation is that the infected program, when invoked, will first execute the virus code and then execute the original code of the program. An infected program begins with the virus code and works as follows. The first line of code is a jump to the main virus program. The second line is a special marker that is used by the virus to determine whether or not a potential victim program has already been infected with this virus.

When the program is invoked, control is immediately transferred to the main virus program. The virus program first seeks out uninfected executable files and infects them. Next, the virus may perform some action, usually detrimental to the system. This action could be performed every time the program is invoked, or it could be a logic bomb that triggers only under certain conditions.

Transport Layer Security (TLS) encrypts data sent over the Internet to ensure that eavesdroppers and hackers are unable to see what you transmit which is particularly useful for private and sensitive information such as passwords, credit card numbers, and personal correspondence. This page explains what TLS is, how it works, and why you should deploy it.

What is TLS?

TLS is a cryptographic protocol that provides end-to-end security of data sent between applications over the Internet. It is mostly familiar to users through its use in secure web browsing, and in particular the padlock icon that appears in web browsers when a secure session is established. However, it can and indeed should also be used for other applications such as e-mail, file transfers, video/audioconferencing, instant messaging and voice-over-IP, as well as Internet services such as DNS and NTP.

TLS evolved from Secure Socket Layers (SSL) which was originally developed by Netscape Communications Corporation in 1994 to secure web sessions. SSL 1.0 was never publicly released, whilst SSL 2.0 was quickly replaced by SSL 3.0 on which TLS is based.

TLS was first specified in RFC 2246 in 1999 as an applications independent protocol, and whilst was not directly interoperable with SSL 3.0, offered a fallback mode if necessary. However, SSL 3.0 is now considered insecure and was deprecated by RFC 7568 in June 2015, with the recommendation that TLS 1.2 should be used. TLS 1.3 is also currently (as of December 2015) under development and will drop support for less secure algorithms.

It should be noted that TLS does not secure data on end systems. It simply ensures the secure delivery of data over the Internet, avoiding possible eavesdropping and/or alteration of the content.

TLS is normally implemented on top of TCP in order to encrypt Application Layer protocols such as HTTP, FTP, SMTP and IMAP, although it can also be implemented on UDP, DCCP and SCTP as well (e.g. for VPN and SIP-based application uses). This is known as Datagram Transport Layer Security (DTLS) and is specified in RFCs 6347, 5238 and 6083.

Why should I care about TLS?

Data has historically been transmitted unencrypted over the Internet, and where encryption was used, it was typically employed in a piecemeal fashion for sensitive information such as passwords or payment details. Whilst it was recognised back in 1996 (by RFC 1984) that the growth of the Internet would require private data to be protected, it has become increasingly apparent over the intervening period that the capabilities of eavesdroppers and attackers are greater and more pervasive than previously thought. The IAB therefore released a statement in November 2014 calling on protocol designers, developers, and operators to make encryption the norm for Internet traffic, which essentially means making it confidential by default.

Without TLS, sensitive information such as logins, credit card details and personal details can easily be gleaned by others, but also browsing habits, e-mail correspondence, online chats and conferencing calls can be monitored. By enabling client and server applications to support TLS, it ensures that data transmitted between them is encrypted with secure algorithms and not viewable by third parties.

Recent versions of all major web browsers currently support TLS, and it is increasingly common for web servers to support TLS by default. However, use of TLS for e-mail and certain other applications is still often not mandatory, and unlike with web browsers that provide visual clues, it is not always apparent to users whether their connections are encrypted.

It is therefore recommended that all clients and servers insist on mandatory usage of TLS in their communications, and preferably the most recent version TLS 1.2. For complete security, it is necessary to use it in conjunction with a publicly trusted X.509 Public Key Infrastructure (PKI) and preferably DNSSEC as well in order to authenticate that a system to which a connection is being made is indeed what it claims to be.

How does TLS work?

TLS uses a combination of symmetric and asymmetric cryptography, as this provides a good compromise between performance and security when transmitting data securely.

With symmetric cryptography, data is encrypted and decrypted with a secret key known to both sender and recipient; typically 128 but preferably 256 bits in length (anything less than 80 bits is now considered insecure). Symmetric cryptography is efficient in terms of computation, but having a common secret key means it needs to be shared in a secure manner.

Asymmetric cryptography uses key pairs – a public key, and a private key. The public key is mathematically related to the private key, but given sufficient key length, it is computationally impractical to derive the private key from the public key. This allows the public key of the recipient to be used by the sender to encrypt the data they wish to send to them, but that data can only be decrypted with the private key of the recipient.

The advantage of asymmetric cryptography is that the process of sharing encryption keys does not have to be secure, but the mathematical relationship between public and private keys means that much larger key sizes are required. The recommended minimum key length is 1024 bits, with 2048 bits preferred, but this is up to a thousand times more computationally intensive than symmetric keys of equivalent strength (e.g. a 2048-bit asymmetric key is approximately equivalent to a 112-bit symmetric key) and makes asymmetric encryption too slow for many purposes.

For this reason, TLS uses asymmetric cryptography for securely generating and exchanging a session key. The session key is then used for encrypting the data transmitted by one party, and for decrypting the data received at the other end. Once the session is over, the session key is discarded.

A variety of different key generation and exchange methods can be used, including RSA, Diffie-Hellman (DH), Ephemeral Diffie-Hellman (DHE), Elliptic Curve Diffie-Hellman (ECDH) and Ephemeral Elliptic Curve Diffie-Hellman (ECDHE). DHE and ECDHE also offer forward secrecy whereby a session key will not be compromised if one of the private keys is obtained in future, although weak random number generation and/or usage of a limited range of prime numbers has been postulated to allow the cracking of even 1024-bit DH keys given state-level computing resources. However, these may be considered implementation rather than protocol issues, and there are tools available to test for weaker cipher suites.

With TLS it is also desirable that a client connecting to a server is able to validate ownership of the server’s public key. This is normally undertaken using an X.509 digital certificate issued by a trusted third party known as a Certificate Authority (CA) which asserts the authenticity of the public key. In some cases, a server may use a self-signed certificate which needs to be explicitly trusted by the client (browsers should display a warning when an untrusted certificate is encountered), but this may be acceptable in private networks and/or where secure certificate distribution is possible. It is highly recommended though, to use certificates issued by publicly trusted CAs.

What is a CA?

A Certificate Authority (CA) is an entity that issues digital certificates conforming to the ITU-T’s X.509 standard for Public Key Infrastructures (PKIs). Digital certificates certify the public key of the owner of the certificate (known as the subject), and that the owner controls the domain being secured by the certificate. A CA therefore acts as a trusted third party that gives clients (known as relying parties) assurance they are connecting to a server operated by a validated entity.

End entity certificates are themselves validated through a chain-of-trust originating from a root certificate, otherwise known as the trust anchor. With asymmetric cryptography it is possible to use the private key of the root certificate to sign other certificates, which can then be validated using the public key of the root certificate and therefore inherit the trust of the issuing CA. In practice, end entity certificates are usually signed by one or more intermediate certificates (sometimes known as subordinate or sub-CAs) as this protects the root certificate in the event that an end entity certificate is incorrectly issued or compromised.

Root certificate trust is normally established through physical distribution of the root certificates in operating systems or browsers. The main certification programs are run by Microsoft (Windows & Windows Phone), Apple (OSX & iOS) and Mozilla (Firefox & Linux) and require CAs to conform to stringent technical requirements and complete a WebTrust, ETSI EN 319 411-3 (formerly TS 102 042) or ISO 21188:2006 audit in order to be included in their distributions. WebTrust is a programme developed by the American Institute of Certified Public Accountants and the Canadian Institute of Chartered Accountants, ETSI is the European Telecommunications Standards Institute, whilst ISO is the International Standards Organisation.

Root certificates distributed with major operating systems and browsers are said to be publicly or globally trusted and the technical and audit requirements essentially means the issuing CAs are multinational corporations or governments. There are currently around fifty publicly trusted CAs, although most/all have more than one root certificate, and most are also members of the CA/Browser Forum which develops industry guidelines for issuing and managing certificates.

It is however also possible to establish private CAs and establish trust through secure distribution and installation of root certificates on client systems. Examples include the RPKI CAs operated by the Regional Internet Registries (AfriNIC, APNIC, ARIN, LACNIC and RIPE NCC) that issue certificates to Local Internet Registries attesting to the IP addresses and AS numbers they hold; as well as the International Grid Trust Federation (IGTF) which provides a trust anchor for issuing server and client certificates used by machines in distributed scientific computing. In these cases, the root certificates can be securely downloaded and installed from sites using a certificate issued by a publicly trusted CA.

Friday, February 28, 2020

HR Interview Questions

Tell me about the most boring job you have ever had.

Job is never boring because if you think job is boring, then you have nothing to else to do. But it's true that I am little bit lazy that type of work which I don't like.

In my point of view, the most boring job you can ever do is sitting idle. Working in any company and in any position will definitely give me a chance to learn something and upgrade myself to be a better person for the organisation and to society.

Why did you resign from your previous job?

First of all, I very thankful to my current company for given an opportunity to work with them and I learned a lot like time management, work under pressure and to talk with officials.

The reason why I am changing is as per salary was not enough for me and also I need to support my father financially so I need to change to grow myself professionally and financially.

I hope this is the platform or job where I can enhance my skills and knowledge.

And I am sure that I will put my 100% knowledge and experience to benefit from this company.

Thank you.

First, I thankful for my previous organisation. Because I learnt a lot of things from there.

For example: time punctuality, to do a work on time, work under pressure, smart work.

According to me, changes are necessary for everyone.

Enhance my skills, knowledge, for personal growth and financial growth, I left my previous organisation.

This organisation is, an excellent platform to improve my skills, knowledge, personal and financial growth.

Thank you Sir/Mam.

Digital Certificate

For analogy, a certificate can be considered as the ID card issued to the person. People use ID cards such as a driver's license, passport to prove their identity. A digital certificate does the same basic thing in the electronic world, but with one difference.

Digital Certificates are not only issued to people but they can be issued to computers, software packages or anything else that need to prove the identity in the electronic world.

Digital certificates are based on the ITU standard X.509 which defines a standard certificate format for public key certificates and certification validation. Hence digital certificates are sometimes also referred to as X.509 certificates.

Public key pertaining to the user client is stored in digital certificates by The Certification Authority (CA) along with other relevant information such as client information, expiration date, usage, issuer etc.
CA digitally signs this entire information and includes digital signature in the certificate.
Anyone who needs the assurance about the public key and associated information of client, he carries out the signature validation process using CA’s public key. Successful validation assures that the public key given in the certificate belongs to the person whose details are given in the certificate.

The process of obtaining Digital Certificate by a person/entity is depicted in the following illustration.

As shown in the illustration, the CA accepts the application from a client to certify his public key. The CA, after duly verifying identity of client, issues a digital certificate to that client.

Certifying Authority (CA)

As discussed above, the CA issues certificate to a client and assist other users to verify the certificate. The CA takes responsibility for identifying correctly the identity of the client asking for a certificate to be issued, and ensures that the information contained within the certificate is correct and digitally signs it.

Key Functions of CA

The key functions of a CA are as follows −

Generating key pairs − The CA may generate a key pair independently or jointly with the client.
Issuing digital certificates − The CA could be thought of as the PKI equivalent of a passport agency − the CA issues a certificate after client provides the credentials to confirm his identity. The CA then signs the certificate to prevent modification of the details contained in the certificate.
Publishing Certificates − The CA need to publish certificates so that users can find them. There are two ways of achieving this. One is to publish certificates in the equivalent of an electronic telephone directory. The other is to send your certificate out to those people you think might need it by one means or another.
Verifying Certificates − The CA makes its public key available in environment to assist verification of his signature on clients’ digital certificate.
Revocation of Certificates − At times, CA revokes the certificate issued due to some reason such as compromise of private key by user or loss of trust in the client. After revocation, CA maintains the list of all revoked certificate that is available to the environment.

Classes of Certificates

There are four typical classes of certificate −

Class 1 − These certificates can be easily acquired by supplying an email address.
Class 2 − These certificates require additional personal information to be supplied.
Class 3 − These certificates can only be purchased after checks have been made about the requestor’s identity.
Class 4 − They may be used by governments and financial organizations needing very high levels of trust.

Registration Authority (RA)

CA may use a third-party Registration Authority (RA) to perform the necessary checks on the person or company requesting the certificate to confirm their identity. The RA may appear to the client as a CA, but they do not actually sign the certificate that is issued.

Certificate Management System (CMS)

It is the management system through which certificates are published, temporarily or permanently suspended, renewed, or revoked. Certificate management systems do not normally delete certificates because it may be necessary to prove their status at a point in time, perhaps for legal reasons. A CA along with associated RA runs certificate management systems to be able to track their responsibilities and liabilities.

Public Key Infrastructure

The most distinct feature of Public Key Infrastructure (PKI) is that it uses a pair of keys to achieve the underlying security service. The key pair comprises of private key and public key.

Since the public keys are in open domain, they are likely to be abused. It is, thus, necessary to establish and maintain some kind of trusted infrastructure to manage these keys.

Key Management

It goes without saying that the security of any cryptosystem depends upon how securely its keys are managed. Without secure procedures for the handling of cryptographic keys, the benefits of the use of strong cryptographic schemes are potentially lost.

It is observed that cryptographic schemes are rarely compromised through weaknesses in their design. However, they are often compromised through poor key management.

There are some important aspects of key management which are as follows −

Cryptographic keys are nothing but special pieces of data. Key management refers to the secure administration of cryptographic keys.
Key management deals with entire key lifecycle as depicted in the following illustration −

There are two specific requirements of key management for public key cryptography.
- Secrecy of private keys. Throughout the key lifecycle, secret keys must remain secret from all parties except those who are owner and are authorized to use them.

The Key Distribution Center

public key encryption has its own difficulties, in particular the problem of obtaining someone's true public key. Both of these problems – determining a shared key for symmetric key cryptography, and securely obtaining the public key for public key cryptography – can be solved using a trusted intermediary. For symmetric key cryptograghy , the trusted intermediary is called a Key Distribution Center (KDC), which is a single, trusted network entity with whom one has established a shared secret key. We will see that one can use the KDC to obtain the shared keys needed to communicate securely with all other network entities. For public key cryptography, the trusted intermediary is called a Certification Authority (CA). A certification authority certifies that a public key belongs to a particular entity (a person or a network entity). For a certified public key, if one can safely trust the CA that the certified the key, then one can be sure about to whom the public key belongs. Once a public key is certified, then it can be distributed from just about anywhere, including a public key server, a personal Web page or a diskette.

The Key Distribution Center

Suppose once again that Bob and Alice want to communicate using symmetric key cryptography. They have never met (perhaps they just met in an on-line chat room) and thus have not established a shared secret key in advance. How can they now agree on a secret key, given that they can only communicate with each other over the network? A solution often adopted in practice is to use a trusted Key Distribution Center (KDC).

The KDC is a server that shares a different secret symmetric key with each registered user. This key might be manually installed at the server when a user first registers. The KDC knows the secret key of each user and each user can communicate securely with the KDC using this key. Let's see how knowledge of this one key allows a user to securely obtain a key for communicating with any other registered user. Suppose that Alice and Bob are users of the KDC; they only know their individual key, K_A-KDC and K_B-KDC, respectively, for communicating securely with the KDC. Alice takes the first step, and they proceed as illustrated in Figure 7.5-1.

Setting up a one-time session key using a Key Distribution Center

Using K_A-KDC to encrypt her communication with the KDC, Alice sends a message to the KDC saying she (A) wants to communicate with Bob (B). We denote this message, K_A-KDC (A,B) . As part of this exchange, Alice should authenticate the KDC (see homework problems), e.g., using an authentication protocol (e.g., our protocol ap4.0) and the shared key K_A-KDC .

Digital Signature Algorithm

DSA is a United States Federal Government standard for digital signatures. It was proposed by the National Institute of Standards and Technology (NIST) in August 1991 for use in their Digital Signature Standard (DSS), specified in FIPS 186 in 1993.

The first part of the DSA algorithm is the public key and private key generation, which can be described as:

Choose a prime number q, which is called the prime divisor.
Choose another primer number p, such that p-1 mod q = 0. p is called the prime modulus.
Choose an integer g, such that 1 < g < p, g**q mod p = 1 and g = h**((p–1)/q) mod p. q is also called g's multiplicative order modulo p.
Choose an integer, such that 0 < x < q.
Compute y as g**x mod p.
Package the public key as {p,q,g,y}.
Package the private key as {p,q,g,x}.

The second part of the DSA algorithm is the signature generation and signature verification, which can be described as:

To generate a message signature, the sender can follow these steps:

Generate the message digest h, using a hash algorithm like SHA1.
Generate a random number k, such that 0 < k < q.
Compute r as (g**k mod p) mod q. If r = 0, select a different k.
Compute i, such that k*i mod q = 1. i is called the modular multiplicative inverse of k modulo q.
Compute s = i*(h+r*x) mod q. If s = 0, select a different k.
Package the digital signature as {r,s}.

MD5 Hash

The Algorithm

The MD5 hash is described in RFC 1321 along with a C implementation. MD5 is similar to the MD4 hash. The padding and initialisation is identical.

MD5 operates on 32-bit words. Let M be the message to be hashed. The message M is padded so that its length (in bits) is equal to 448 modulo 512, that is, the padded message is 64 bits less than a multiple of 512. The padding consists of a single 1 bit, followed by enough zeros to pad the message to the required length. Padding is always used, even if the length of M happens to equal 448 mod 512. As a result, there is at least one bit of padding, and at most 512 bits of padding. Then the length (in bits) of the message (before padding) is appended as a 64-bit block.

The padded message is a multiple of 512 bits and, therefore, it is also a multiple of 32 bits. Let M be the message and N the number of 32-bit words in the (padded) message. Due to the padding, N is a multiple of 16.

A four-word buffer (A,B,C,D) is used to compute the message digest. Here each of A, B, C, D is a 32-bit register. These registers are initialized to the following values in hexadecimal:


word A: 01 23 45 67
word B: 89 ab cd ef

word D: 76 54 32 10

word C: fe dc ba 98

We first define four auxiliary functions that each take as input three 32-bit words and produce as output one 32-bit word.

$\text{[math]}$

where $\text{[math]}$ is logical and, $\text{[math]}$ is logical or and $\text{[math]}$ is logical xor. Do the following:


/* Process each 16-word block. */

For i = 0 to N/16-1 do

    /* Copy block i into X. */

    For j = 0 to 15 do

        Set X[j] to M[i*16+j].

    end /* of loop on j */

    /* Save A as AA, B as BB, C as CC, and D as DD. */

    AA = A
BB = B

    DD = D
CC = C


    /* Round 1. */

    /* Let [abcd k s i] denote the operation

        a = b + ((a + F(b,c,d) + X[k] + T[i]) <<< s). */

    /* Do the following 16 operations. */

    [ABCD  0  7  1]  [DABC  1 12  2]  [CDAB  2 17  3]  [BCDA  3 22  4]
[ABCD  4  7  5]  [DABC  5 12  6]  [CDAB  6 17  7]  [BCDA  7 22  8]

    [ABCD 12  7 13]  [DABC 13 12 14]  [CDAB 14 17 15]  [BCDA 15 22 16]
[ABCD  8  7  9]  [DABC  9 12 10]  [CDAB 10 17 11]  [BCDA 11 22 12]


    /* Round 2. */

    /* Let [abcd k s i] denote the operation

        a = b + ((a + G(b,c,d) + X[k] + T[i]) <<< s). */

    /* Do the following 16 operations. */

    [ABCD  1  5 17]  [DABC  6  9 18]  [CDAB 11 14 19]  [BCDA  0 20 20]
[ABCD  5  5 21]  [DABC 10  9 22]  [CDAB 15 14 23]  [BCDA  4 20 24]

    [ABCD 13  5 29]  [DABC  2  9 30]  [CDAB  7 14 31]  [BCDA 12 20 32]
[ABCD  9  5 25]  [DABC 14  9 26]  [CDAB  3 14 27]  [BCDA  8 20 28]


    /* Round 3. */

    /* Let [abcd k s t] denote the operation

        a = b + ((a + H(b,c,d) + X[k] + T[i]) <<< s). */

    /* Do the following 16 operations. */

    [ABCD  5  4 33]  [DABC  8 11 34]  [CDAB 11 16 35]  [BCDA 14 23 36]
[ABCD  1  4 37]  [DABC  4 11 38]  [CDAB  7 16 39]  [BCDA 10 23 40]

    [ABCD  9  4 45]  [DABC 12 11 46]  [CDAB 15 16 47]  [BCDA  2 23 48]
[ABCD 13  4 41]  [DABC  0 11 42]  [CDAB  3 16 43]  [BCDA  6 23 44]


    /* Round 4. */

    /* Let [abcd k s t] denote the operation

        a = b + ((a + I(b,c,d) + X[k] + T[i]) <<< s). */

    /* Do the following 16 operations. */

    [ABCD  0  6 49]  [DABC  7 10 50]  [CDAB 14 15 51]  [BCDA  5 21 52]
[ABCD 12  6 53]  [DABC  3 10 54]  [CDAB 10 15 55]  [BCDA  1 21 56]

    [ABCD  4  6 61]  [DABC 11 10 62]  [CDAB  2 15 63]  [BCDA  9 21 64]
[ABCD  8  6 57]  [DABC 15 10 58]  [CDAB  6 15 59]  [BCDA 13 21 60]


    /* Then perform the following additions. (That is increment each

        of the four registers by the value it had before this block

        was started.) */

    A = A + AA
B = B + BB

    D = D + DD
C = C + CC


end /* of loop on i */

The algorithm above uses a set o 64 constants T[i] for i = 1 to 64. Let T[i] denote the i-th element of the table, which is equal to the integer part of 4294967296 times abs(sin(i)), where i is in radians. The elements of the table are given in the appendix of RFC 1321.

Pages