Technical Solutions for COBOL



Redvers Hashing Algorithm

The Redvers Hashing Algorithm can be used to produce SHA-1, SHA-2 or SHA-3 message digests of 224, 256, 384 or 512 bit lengths, ensuring safe, authenticated data transfer to/from any location.

Main features:

Data selected for hashing or MAC generation can consist of a single data string or a series of multiple strings resulting in a single hash total (message digest) or MAC.

Message digests can be used within many security-reliant applications for encryption key derivation, pseudorandom number generation and to generate or verify digital signatures.

The Redvers Hashing Algorithm is used by customers all over the world, running on iSeries/AS400, UNIX, HP, Linux, Fujitsu BS2000, Micro Focus and IBM mainframe platforms.

How it Works

The Redvers Hashing Algorithm consists of an easy-to-use COBOL subroutine (RCHASH) that is called from an application to hash any single data string or series of strings.

Selecting the SHA-1 algorithm will produce a hash total of 160 bits (20 bytes). SHA-2 and SHA-3 algorithms can produce hash totals of 224 bits (28 bytes), 256 bits (32 bytes), 384 bits (48 bytes) or 512 bits (64 bytes). Truncated SHA-2 totals (SHA-512/224 and SHA-512/256) and Extendable-Output SHA-3 totals (SHAKE128 and SHAKE256) can also be generated, as well as Message Authentication Codes (MACs).

The choice of algorithm (SHA-1, SHA-2 or SHA-3) and hash length is decided by setting an 88-level flag in the calling parameters. The subroutine requires no external files and may be called in batch or on-line modes.

The diagram below shows how hashing might be used to verify the transfer of confidential data from one environment to another:

[Figure: Hashing Algorithm Flowchart]

The Redvers Hashing Algorithm creates standard NIST SHA message digests so that the generated hash values will match values generated by other standard SHA hashing algorithms.

Technical Information

The Redvers Hashing Algorithm 2.4 supports thirteen hash functions within the three SHA (Secure Hash Algorithm) family types:

Specifications for the SHA-1 and SHA-2 algorithms can be found in NIST (National Institute of Standards and Technology) FIPS Publication 180-4. Specification for the SHA-3 algorithm can be found in NIST FIPS Publication 202. SHA-3 is based on the Keccak algorithm, defined in the Keccak Reference document.

The Redvers Hashing Algorithm can also be used to generate keyed-hash based Message Authentication Codes (HMACs). Specification for HMAC generation can be found in NIST FIPS Publication 198-1.

Information passed to RCHASH can consist of a single data string or a series of strings from an input file or database row. The resulting hash/MAC is returned in binary, hexadecimal and Base64 formats for easy application processing.
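The transfer check described above (a digest or MAC computed over a series of records before sending and recomputed on arrival), as an added example written with Python's standard library; it is not RCHASH or Redvers code, and the RCHASH calling interface is not shown on this page. The record contents and the key are constructed sample values.

```python
import base64
import hashlib
import hmac

# Constructed sample records, as might be read from an input file or table.
RECORDS = [b"ACCT0001|SMITH|000125000", b"ACCT0002|JONES|000003150", b"ACCT0003|PATEL|000780099"]
# Constructed demo key; a real key is random and exchanged out of band.
SHARED_KEY = b"constructed-demo-key-not-for-production"


def digest_records(records, algorithm="sha256"):
    """Feed each record to one hash object and return the single digest."""
    h = hashlib.new(algorithm)
    for rec in records:
        h.update(rec)
    return h.digest()


def mac_records(key, records, algorithm="sha256"):
    """HMAC (FIPS 198-1) over the same series of records."""
    m = hmac.new(key, digestmod=algorithm)
    for rec in records:
        m.update(rec)
    return m.digest()


def encodings(raw):
    """Binary, hexadecimal and Base64 forms of one digest or MAC."""
    return {"binary": raw, "hex": raw.hex(), "base64": base64.b64encode(raw).decode("ascii")}


def receiver_accepts(key, received_records, received_mac):
    """Recompute the MAC on the receiving side; compare in constant time."""
    return hmac.compare_digest(mac_records(key, received_records), received_mac)


if __name__ == "__main__":
    sent_mac = mac_records(SHARED_KEY, RECORDS)
    print("SHA-256 :", encodings(digest_records(RECORDS))["hex"])
    print("HMAC    :", encodings(sent_mac)["base64"])
    print("intact  :", receiver_accepts(SHARED_KEY, RECORDS, sent_mac))
    # One amount field altered in transit (constructed).
    tampered = [RECORDS[0], b"ACCT0002|JONES|999903150", RECORDS[2]]
    print("tampered:", receiver_accepts(SHARED_KEY, tampered, sent_mac))
```

With this streaming interface the digest covers the concatenated bytes only, so record boundaries are not protected unless each record carries its own delimiter or length. A bare digest detects accidental corruption; the keyed MAC is what lets the receiver reject data changed by someone who could also replace an unkeyed digest.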

Although SHA hashing can be used to safely represent confidential information, it cannot be used as a substitute for data encryption if the original data string needs to be recovered. This is because information is destroyed in the hashing process, making it impossible to recover the original data string from a message digest. If decryption is required, a NIST-validated encryption/decryption algorithm like the Redvers Encryption Module is recommended.
