Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hash Functions Ramki Thurimella. 2 What is a hash function? Also known as message digest or fingerprint Compression: A function that maps arbitrarily.

Published byDustin Thompson Modified over 8 years ago

Similar presentations

Presentation on theme: "Hash Functions Ramki Thurimella. 2 What is a hash function? Also known as message digest or fingerprint Compression: A function that maps arbitrarily."— Presentation transcript:

1 Hash Functions Ramki Thurimella

2 2 What is a hash function? Also known as message digest or fingerprint Compression: A function that maps arbitrarily long binary strings to fixed length binary strings Ease of Computation : Given a hash function and an input it should be easy to calculate the output Cryptographic hash functions have more security requirements compared to the ones used to create hash tables

3 3 Applications Data Integrity Downloading of large files often include the MD5 digest to verify the integrity of the file Proof of Ownership Publish the digest of a document describing a patent idea in the New York Times Newspaper charges based on the number of characters Digital Signatures Digitally sign the digest of a message instead of the message to save computational time

4 4 Properties Collision resistance For two distinct messages m 1 and m 2, h(m 1 ) ≠ h(m 2 ) By pigeon-hole principle, this is not always possible since the domain is infinite and the range is finite The security requirement merely requires that for a h and m 1, some other m 2 cannot be found easily, i.e. computationally infeasible, such that both messages hash to the same value One-way property They are used in pseudorandom number generators, e.g. generate several keys from one shared secret key Learning one value should not make learning other values easy

5 5 Attacks Ideally a hash function should be a random mapping Attack: A non-generic method of distinguishing the hash function from an ideal hash function Non-generic means that the attack exploits the specific weaknesses of the hash function Since there is no key, exhaustive search cannot be performed Generic attack: Birthday attack

6 6 Birthday Attack Expected number of collisions after picking t pairs: t C 2 * (1/2 n ) ≈ t 2 /2 n To get 1 collision, choose t = 2 (n/2) This attack is useful only for collisions Sometimes a pre-image (given h(m) finding m) is required, e.g. privacy scenario Generic attack for pre-image requires 2 n work

7 7 An insecure hash function 1.Pad m (specifics are not important) 2.Create 128-bit blocks m 1,m 2,…,m k 3.H 0 = 128-bit block of all zeros 4.H i = AES ( H i-1 m i ) 5.H k is the result Attack – Pick m and assume it splits into m1 & m2 – Let m 1 = m 1 (+) H 1 and m 2 ’ = H 2 (+) m 2 (+) H 1 – Assume that m 1 ’ & m 2 ’ are the result of splitting m’ A non-generic attack

8 8 Non-Generic Attack (cont.) Show that m & m ’ map to the same value (Exercise 5.5, pp. 88)

9 9 The MD5 Function Specifies the compression function to use Processes 512-bit message blocks Produces a 128-bit digest Is derived from MD4 to address security concerns Created by Ronald Rivest and described in RFC 1321

10 10 MD5 http://en.wikipedia.org/wiki/File:MD5.svg There are four possible functions F; a different one is used in each round:

11 11 In the previous Figure MD5 consists of 64 of these operations, grouped in four rounds of 16 operations F is a nonlinear function; one function is used in each round M i denotes a 32-bit block of the message input K i denotes a 32-bit constant, different for each operation <<< s denotes a left bit rotation by s places; s varies for each operation denotes addition modulo 2 32

12 12 The SHA-1 Function Processes 512-bit message blocks Produces a 160-bit digest Is also derived from MD4 A slight modification of SHA-0 to fix a “technical error” Created by NIST with the aid of the NSA Defined in FIPS PUB 180-2

13 13 SHA-1 http://en.wikipedia.org/wiki/File:SHA-1.svg

14 14 One iteration within the SHA-1 compression function A, B, C, D and E are 32-bit words of the statewords F is a nonlinear function that varies W t is the expanded message word of round t K t is the round constant of round t

15 15 Examples % echo "0000 0000" | openssl dgst -sha512 | wc MD5(M) = 0x93b885adfe0da089cdf634904fd59f71 MD5(M’) = 0x55a54008ad1ba589aa210d2629c1df41 SHA-1(M) = 0x5ba93c9db0cff93f52b521d7420e43f6eda2784f SHA-1(M’)= 0xbf8b4530d8d246dd74ac53a13471bba17941dff7 On average changing 1 input bit will change 50% of the output bits Avalanche condition

16 16 Weaknesses of hash functions Length extension Let m = m 1,m 2,…,m k Choose m ’ = m 1,m 2,…,m k,m k+1 Notice that h(m’) = h’(h(m),m k+1 ) Why is this a problem? Alice sends Bob m Authenticates by sending h(X || m) where X is a secret known only to Bob Eve can append to m and update the authentication code

17 17 Current State of Hash Functions Researchers try to break hash functions in 1 of 2 ways Finding two messages (usually single message blocks) hash to the same digest Find the message that creates the digest of all zeros or all ones (essentially finding a preimage) Collisions and preimages can be found for MD4 Collisions can be constructed for MD5 and SHA-0 Theoretic collisions discovered for SHA-1 SHA-256 & SHA-512 has no known attacks

Download ppt "Hash Functions Ramki Thurimella. 2 What is a hash function? Also known as message digest or fingerprint Compression: A function that maps arbitrarily."

Similar presentations

Hash Functions A hash function takes data of arbitrary size and returns a value in a fixed range. If you compute the hash of the same data at different.

Hash Functions A hash function takes data of arbitrary size and returns a value in a fixed range. If you compute the hash of the same data at different.
Lecture 5: Cryptographic Hashes

Lecture 5: Cryptographic Hashes
Cryptographic Hash Functions Rocky K. C. Chang, February 2013 1.

Cryptographic Hash Functions Rocky K. C. Chang, February
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
MD Collision Sought Marian Ščerbák University of Pavol Jozef Šafárik Košice.

MD Collision Sought Marian Ščerbák University of Pavol Jozef Šafárik Košice.
 Stream ciphers o Encrypt chars/bits one at a time o Assume XOR w the key, need long key to be secure  Keystream generators (pseudo-random key) o Synchronous.

 Stream ciphers o Encrypt chars/bits one at a time o Assume XOR w the key, need long key to be secure  Keystream generators (pseudo-random key) o Synchronous.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
PIITMadhumita Chatterjee Security 1 Hashes and Message Digests.

PIITMadhumita Chatterjee Security 1 Hashes and Message Digests.
1 Chapter 5 Hashes and Message Digests Instructor: 孫宏民 Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.

1 Chapter 5 Hashes and Message Digests Instructor: 孫宏民 Room: EECS 6402, Tel: , Fax :
CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.

CNS2010handout 10 :: digital signatures1 computer and network security matt barrie.
Announcements: 1. HW7 due next Tuesday. 2. Inauguration today! Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman,

Announcements: 1. HW7 due next Tuesday. 2. Inauguration today! Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman,
Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.

Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Announcements:Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions and SHA-1 Hash Functions.

Announcements:Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions and SHA-1 Hash Functions.
Hashes and Message Digest Hash is also called message digest One-way function: d=h(m) but no h’(d)=m –Cannot find the message given a digest Cannot find.

Hashes and Message Digest Hash is also called message digest One-way function: d=h(m) but no h’(d)=m –Cannot find the message given a digest Cannot find.
By: Matthew Ng. SHA stands for Secure Hash Algorithm It is based off the Merkle-Dangard hash function There are 3 versions of it with one coming in 2012.

By: Matthew Ng. SHA stands for Secure Hash Algorithm It is based off the Merkle-Dangard hash function There are 3 versions of it with one coming in 2012.
Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.

Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.
Information Security and Management 11

Information Security and Management 11
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Similar presentations

Ads by Google