41 lines
2.0 KiB
Markdown
41 lines
2.0 KiB
Markdown
|
Lecture Topic:
|
||
|
|
||
|
## One way hash function:
|
||
|
An alternative to the message authentication is the one way hash function.
|
||
|
As with MAC, a hash function accepts a variable size message as input and produces a fixed size message digest as output (eg 1024 bits). Unlike a MAC ta hash function does not take a secret key as input. The message is padded out toe and integer multiple of some fixed length. The padding includes the value of the length of the original message in bits
|
||
|
|
||
|
Common one way hash functions:
|
||
|
- MD5
|
||
|
- SHA
|
||
|
|
||
|
Secure Hash Functions:
|
||
|
Important to note in addition to message authentication, but also digital signatures produce a fingerprint
|
||
|
|
||
|
Requirements:
|
||
|
1. H can be applied to a block of data of any size
|
||
|
2. H produces a fixed length output
|
||
|
3. H(x) is relatively easy to compute for any given x
|
||
|
4. For any given code h, it is computationally infeasible to find x such that H(x) = h
|
||
|
(Property: one way, or primage resistant)
|
||
|
5. For any given block x, it is computationally infeasible to find y = x with H(y) = H(x)
|
||
|
(Property: second preimage resistant)
|
||
|
6. It is computationally infeasible to find any pair (x, y) such that H(x) = H(y)
|
||
|
(Property: collision resistance)
|
||
|
|
||
|
## Security of Hash functions
|
||
|
Approaches to attacking a secure hash function
|
||
|
- cryptanalysis: exploiting logical weaknesses in the algorithm
|
||
|
- brute-force attacks:
|
||
|
- the strength of a hash function attacks depends solely on the length of the hash code produces by the algorithm
|
||
|
- preimage resistant: $2^n$ (level of effort)
|
||
|
- collision resistance: $2^{n/2}$ due to birthday problem
|
||
|
|
||
|
Secure hash function algorithms:
|
||
|
The most widely used hash function has been the Secure Hash Function (SHA)
|
||
|
|
||
|
Passwords:
|
||
|
- a hash of a password is stored in the OS rather than the password itself
|
||
|
- this ensures that the password is not retrievable by a hacker who gains access to the password file
|
||
|
- when a user logs in the password value is hashed and compared to the hash value stored in the system
|
||
|
Intrusion Detection
|
||
|
- store the hash value for a file h(f)
|