Hashing and Digital Signature Algorithms

This section lists several algorithms used to compute hashes and digital signatures. Each of these algorithms is supported by the Microsoft RSA Base Provider.

The MD2, MD4, and MD5 hashing algorithms were all developed by RSA Data Security, Inc. These algorithms were developed in sequential order. The later algorithms are generally more secure than the earlier ones. All three algorithms generate 128-bit hash values.

The secure hashing algorithm (SHA) was developed by the National Institute of Standards and Technology (NIST) and by the National Security Agency (NSA). This algorithm was developed for use with Digital Signature Algorithm (DSA) or Digital Signature Standard (DSS). This algorithm generates a 160-bit hash value.

Message Authentication Codes are similar to hash values, but are computed using a session key. Because of this, you must possess the session key to recompute the hash value to verify that the base data has not changed.

The Message Authentication Codes implemented by the Microsoft RSA Base Provider are of the most common sort. That is, they are block cipher Message Authentication Codes. This method encodes the base data with a block cipher and then uses the last encoded block as the hash value. The encryption algorithm used to build the Message Authentication Code is the one that was specified when the session key was created.

Warning The same session key should not be used for both message encryption and Message Authentication Codes generation. Doing so greatly increases the risk of your messages being decoded.