I have been reading about the SHA-2 family and I found a lot of in-depth details, but I am confused about how it is related to TLS and AES. TLS encrypts data between server and client, but does it make use of SHA, and for what, like what kind of data?
-
TLS usually uses some SHA algorithm, e.g. in certificates. However, AES should not be used "for passwords". The difference between different versions of AES is explained in: http://crypto.stackexchange.com/questions/20/what-are-the-practical-differences-between-256-bit-192-bit-and-128-bit-aes-enc – otus Sep 02 '14 at 05:38
-
Because of the question I linked above, I've removed the second part of your question. If you feel it doesn't answer what you were asking, feel free to revert my edit or ask a new question about that. – otus Sep 02 '14 at 09:16
-
Sure. Thank you for the answer, I am getting more clarity about it. I will go at a steady pace so that I don't get confused. If I get more questions, I will post for sure. – user3592502 Sep 02 '14 at 09:18
1 Answer
SHA is related to AES in that they are both US government standards. They are not similar algorithmically.
SHA and AES are cryptographic primitives, TLS is a protocol. As the name describes SHA is a family of hash algorithms. AES is a block cipher. TLS uses many encryption algorithms, including AES in various modes, and several hash algorithms, including those in the SHA family. TLS may also use encryption algorithms not based on a block cipher, such as RC4.
TLS uses hash algorithms in order to provide message authenticity when the encryption algorithm does not provide authenticated encryption, via HMAC. SHA may also be used during client-server key exchange to compute the shared master secret, as a component of some PRF, generally also HMAC. TLS encrypts passwords in transit between client and server using the selected encryption algorithm, which could be AES.
SHA is also used in server certificates in order to verify their authenticity so a TLS connection is not created to an imposter. Verification is apparently not implemented well in a wide variety of systems.
I would suggest reading RFC 5246 in order to get a better idea of how TLS operates.

-
Thank you for your detailed answer, the following are my questions: 1) MAC is used under SSL uses a secure key that is used for sharing this as well as verification for preserving the data integrity in SSL, so HMAC which uses a hashed algorithm and a key is in what way different in TLS? 2) The key used in HMAC is appended into the message, so the same key is shared between the users to preserve the integrity, but where is hashed algorithm used into HMAC. – user3592502 Sep 02 '14 at 10:06
-
"The key used in HMAC is appended into the message". That is not quite how HMAC works. HMAC uses a hash algorithm internally, and the key changes the initial value of the hash, twice. This requires the key to be extended to the block size. – Richie Frame Sep 02 '14 at 10:53
-
Thank you for the answer. I saw a similar diagram based on what you have explained on Wikipedia. I didn't understand it still, can you elaborate on it a bit more, please? – user3592502 Sep 02 '14 at 10:55
-
"in what way different in TLS?" TLS uses different keys for client and server encryption and MAC, and this is generated from the shared secret. TLS specifies a PRF which makes use of HMAC and a seed to generate arbitrary data lengths, similar to a hash based KDF. Authenticated encryption modes only need 1 key per party. – Richie Frame Sep 02 '14 at 11:06
-
If the HMAC diagrams do not make sense, you will need to gain a better understanding of how MD type hash functions work. Try reading the pseudocode. – Richie Frame Sep 02 '14 at 11:11
-
Para3 could be confusing: TLS (normal case) uses hash via HMAC to provide authenticity (exception) unless using an authenticated encryption mode (GCM, CCM). And the question named SHA-2 which is used in TLS protocol (as opposed to certs) only in the latest version, TLSv1.2, and then not everywhere. But it follows the same general design as SHA-1 and MD5 which are used longer and more widely in SSL/TLS. – dave_thompson_085 Sep 05 '14 at 08:23
-
So if we are using AEAD like GCM, we do not need hash in cipher, because we do not do HMAC? – Franklin Yu Mar 15 '18 at 18:49
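The following is an added example (not part of the answer or any comment above) that ties together three points made on this page: HMAC built from a hash by padding the key to the block size and mixing it into the hash state twice (Richie Frame's comment), the TLS 1.2 PRF that chains HMAC to stretch a shared secret into the master secret and then into separate client/server MAC, encryption and IV keys (the answer and the later comment), and the observation that an AEAD suite such as AES-GCM needs no MAC keys (Franklin Yu's question). It follows RFC 5246 section 5 (P_SHA256) and section 6.3 (key block layout); the pre-master secret and the two random values are constructed sample inputs, and the key sizes are passed in explicitly rather than looked up from a cipher suite.

```python
import hashlib
import hmac  # standard library; used only to cross-check the hand-written HMAC below

BLOCK_SIZE = 64  # SHA-256 compresses 64-byte blocks; HMAC pads the key to this size


def hmac_sha256(key: bytes, msg: bytes) -> bytes:
    """HMAC (RFC 2104) over SHA-256, written out to show where the key enters the hash."""
    if len(key) > BLOCK_SIZE:                 # an over-long key is hashed first
        key = hashlib.sha256(key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")      # then extended to the block size with zeros
    ipad = bytes(b ^ 0x36 for b in key)       # inner key: changes the hash state once
    opad = bytes(b ^ 0x5C for b in key)       # outer key: changes it a second time
    inner = hashlib.sha256(ipad + msg).digest()
    return hashlib.sha256(opad + inner).digest()


def matches_stdlib(key: bytes, msg: bytes) -> bool:
    """True if the hand-written HMAC agrees with Python's hmac module."""
    expected = hmac.new(key, msg, hashlib.sha256).digest()
    return hmac.compare_digest(hmac_sha256(key, msg), expected)


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash from RFC 5246 section 5: HMAC chained over itself until enough output exists."""
    output = b""
    a = seed                                   # A(0) = seed
    while len(output) < length:
        a = hmac_sha256(secret, a)             # A(i) = HMAC(secret, A(i-1))
        output += hmac_sha256(secret, a + seed)  # HMAC(secret, A(i) + seed)
    return output[:length]


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_SHA256(secret, label + seed) for SHA-256 suites."""
    return p_sha256(secret, label + seed, length)


def derive_tls12_keys(pre_master_secret: bytes, client_random: bytes, server_random: bytes,
                      mac_key_len: int, enc_key_len: int, iv_len: int) -> dict:
    """Master secret (RFC 5246 section 8.1) and key block (section 6.3).

    mac_key_len is 0 for AEAD suites (no HMAC is used); iv_len is the implicit
    nonce length for AEAD suites and 0 for TLS 1.2 CBC suites (explicit IVs).
    """
    master_secret = tls12_prf(pre_master_secret, b"master secret",
                              client_random + server_random, 48)
    total = 2 * (mac_key_len + enc_key_len + iv_len)
    # note the reversed random order for key expansion, as the RFC specifies
    key_block = tls12_prf(master_secret, b"key expansion",
                          server_random + client_random, total)
    layout = [("client_write_MAC_key", mac_key_len), ("server_write_MAC_key", mac_key_len),
              ("client_write_key", enc_key_len), ("server_write_key", enc_key_len),
              ("client_write_IV", iv_len), ("server_write_IV", iv_len)]
    keys = {"master_secret": master_secret}
    pos = 0
    for name, size in layout:
        if size:                               # zero-length fields simply do not exist
            keys[name] = key_block[pos:pos + size]
            pos += size
    return keys


# Constructed sample inputs (not real handshake values).
PRE_MASTER = bytes(range(48))
CLIENT_RANDOM = b"\x11" * 32
SERVER_RANDOM = b"\x22" * 32

if __name__ == "__main__":
    # TLS_RSA_WITH_AES_128_CBC_SHA256: 32-byte HMAC keys, 16-byte AES keys, explicit IVs
    cbc = derive_tls12_keys(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM, 32, 16, 0)
    # TLS_RSA_WITH_AES_128_GCM_SHA256: no MAC keys, 16-byte AES keys, 4-byte implicit nonces
    gcm = derive_tls12_keys(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM, 0, 16, 4)
    for label, keys in (("CBC+HMAC", cbc), ("GCM", gcm)):
        print(label)
        for name, value in keys.items():
            print(f"  {name:22s} {value.hex()}")
```

Running the script prints two key sets derived from the same master secret: the CBC suite gets distinct client and server HMAC keys alongside the AES keys, while the GCM suite gets only AES keys and short implicit nonces, which is exactly why an AEAD suite has no use for a MAC key even though SHA-256 is still used inside the PRF.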