
Hash Functions Ramki Thurimella

2 What is a hash function?
- Also known as a message digest or fingerprint
- Compression: a function that maps arbitrarily long binary strings to fixed-length binary strings
- Ease of computation: given a hash function and an input, it should be easy to calculate the output
- Cryptographic hash functions have more security requirements than the ones used to create hash tables

3 Applications
- Data integrity
  - Downloads of large files often include the MD5 digest to verify the integrity of the file
- Proof of ownership
  - Publish the digest of a document describing a patent idea in the New York Times
  - Newspaper charges are based on the number of characters
- Digital signatures
  - Digitally sign the digest of a message instead of the message to save computational time

4 Properties
- Collision resistance
  - For two distinct messages $m_1$ and $m_2$, $h(m_1) \ne h(m_2)$
  - By the pigeonhole principle, this is not always possible, since the domain is infinite and the range is finite
  - The security requirement merely requires that, for a given $h$ and $m_1$, some other $m_2$ such that both messages hash to the same value cannot be found easily, i.e. finding it is computationally infeasible
- One-way property
  - They are used in pseudorandom number generators, e.g. to generate several keys from one shared secret key
  - Learning one value should not make learning other values easy

5 Attacks
- Ideally a hash function should be a random mapping
- Attack: a non-generic method of distinguishing the hash function from an ideal hash function
  - Non-generic means that the attack exploits the specific weaknesses of the hash function
- Since there is no key, exhaustive search cannot be performed
- Generic attack: birthday attack

6 Birthday Attack
- Expected number of collisions after picking t pairs: $\binom{t}{2} \cdot \frac{1}{2^n} \approx \frac{t^2}{2^n}$
- To get 1 collision, choose $t = 2^{n/2}$
- This attack is useful only for collisions
- Sometimes a pre-image (given h(m), finding m) is required, e.g. in a privacy scenario
- A generic attack for a pre-image requires $2^n$ work
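The $2^{n/2}$ estimate can be checked empirically. The following is an added example, not part of the original slides: it truncates SHA-256 to n bits as a stand-in for an ideal n-bit hash (an assumption, as are all function names and the constructed counter messages) and counts how many hashes are needed before two messages collide.

```python
import hashlib

def truncated_hash(msg: bytes, n_bits: int) -> int:
    """Top n_bits of SHA-256(msg), used as a stand-in for an ideal n-bit hash."""
    digest = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return digest >> (256 - n_bits)

def birthday_collision(n_bits: int):
    """Hash distinct counter messages until two of them share a digest.

    Returns (first_message, second_message, hashes_computed).
    """
    seen = {}  # digest -> message that produced it
    t = 0
    while True:
        msg = b"constructed-msg-%d" % t  # constructed sample input
        t += 1
        h = truncated_hash(msg, n_bits)
        if h in seen:
            return seen[h], msg, t
        seen[h] = msg

def expected_collisions(t: int, n_bits: int) -> float:
    """The slide's estimate: C(t, 2) * 2^-n."""
    return t * (t - 1) / 2 / 2 ** n_bits

if __name__ == "__main__":
    for n in (16, 24, 32):
        m1, m2, t = birthday_collision(n)
        print(f"n={n}: collision after {t} hashes (2^(n/2) = {2 ** (n // 2)}), "
              f"estimate at that t = {expected_collisions(t, n):.2f}")
        print(f"    {m1!r} and {m2!r} -> {truncated_hash(m1, n):#x}")
```

The work grows with $2^{n/2}$ rather than $2^n$, which is why a digest needs twice as many bits as the collision-security level it is meant to provide.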

7 An insecure hash function
1. Pad m (specifics are not important)
2. Create 128-bit blocks $m_1, m_2, \ldots, m_k$
3. $H_0$ = 128-bit block of all zeros
4. $H_i = \mathrm{AES}(H_{i-1} \oplus m_i)$
5. $H_k$ is the result

Attack (a non-generic attack)
- Pick m and assume it splits into $m_1$ and $m_2$
- Let $m_1' = m_2 \oplus H_1$ and $m_2' = H_2 \oplus m_2 \oplus H_1$
- Assume that $m_1'$ and $m_2'$ are the result of splitting $m'$

8 Non-Generic Attack (cont.)
- Show that m and m' map to the same value (Exercise 5.5, p. 88)
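The collision in this chained construction can be checked mechanically with $m_1' = m_2 \oplus H_1$ and $m_2' = H_2 \oplus m_2 \oplus H_1$. This is an added example, not code from the slides; it assumes the chaining step is $H_i = E(H_{i-1} \oplus m_i)$, works on already-padded 128-bit blocks, and swaps AES for a small Feistel permutation built from the standard library, since the collision does not depend on which block cipher `E` is. All function names are hypothetical.

```python
import hashlib

BLOCK = 16  # 128-bit blocks, as on the slide

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def E(block: bytes) -> bytes:
    """Stand-in for fixed-key AES: a 4-round Feistel permutation on 128 bits."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hashlib.sha256(bytes([rnd]) + right).digest()[:8]
        left, right = right, xor(left, f)
    return left + right

def chain(blocks):
    """H_0 = 0, H_i = E(H_{i-1} XOR m_i); returns [H_1, ..., H_k]."""
    h = bytes(BLOCK)
    states = []
    for m in blocks:
        h = E(xor(h, m))
        states.append(h)
    return states

def insecure_hash(blocks) -> bytes:
    return chain(blocks)[-1]

def colliding_blocks(m1: bytes, m2: bytes):
    """Build (m1', m2') from (m1, m2) using only public intermediate values."""
    h1, h2 = chain([m1, m2])
    m1p = xor(m2, h1)            # H_1' = E(m2 XOR H_1) = H_2
    m2p = xor(xor(h2, m2), h1)   # H_2' = E(H_2 XOR m2') = E(m2 XOR H_1) = H_2
    return m1p, m2p

if __name__ == "__main__":
    m1, m2 = b"A" * BLOCK, b"B" * BLOCK  # constructed sample blocks
    m1p, m2p = colliding_blocks(m1, m2)
    print("m  ->", insecure_hash([m1, m2]).hex())
    print("m' ->", insecure_hash([m1p, m2p]).hex())
```

Because the function has no key and every intermediate $H_i$ is computable by anyone, the second message costs two cipher calls to derive, far below the $2^{64}$ work a generic birthday search would need for a 128-bit digest.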

9 The MD5 Function
- Specifies the compression function to use
- Processes 512-bit message blocks
- Produces a 128-bit digest
- Is derived from MD4 to address security concerns
- Created by Ronald Rivest and described in RFC 1321

10 MD5
- There are four possible functions F; a different one is used in each round:

11 In the previous figure
- MD5 consists of 64 of these operations, grouped in four rounds of 16 operations
- F is a nonlinear function; one function is used in each round
- $M_i$ denotes a 32-bit block of the message input
- $K_i$ denotes a 32-bit constant, different for each operation
- <<< s denotes a left bit rotation by s places; s varies for each operation
- denotes addition modulo $2^{32}$

12 The SHA-1 Function
- Processes 512-bit message blocks
- Produces a 160-bit digest
- Is also derived from MD4
- A slight modification of SHA-0 to fix a “technical error”
- Created by NIST with the aid of the NSA
- Defined in FIPS PUB 180-2

13 SHA-1

14 One iteration within the SHA-1 compression function
- A, B, C, D and E are 32-bit words of the state
- F is a nonlinear function that varies
- $W_t$ is the expanded message word of round t
- $K_t$ is the round constant of round t

15 Examples
% echo " " | openssl dgst -sha512 | wc
MD5(M) = 0x93b885adfe0da089cdf634904fd59f71
MD5(M’) = 0x55a54008ad1ba589aa210d2629c1df41
SHA-1(M) = 0x5ba93c9db0cff93f52b521d7420e43f6eda2784f
SHA-1(M’) = 0xbf8b4530d8d246dd74ac53a13471bba17941dff7
- On average, changing 1 input bit will change 50% of the output bits (the avalanche condition)

16 Weaknesses of hash functions
- Length extension
  - Let $m = m_1, m_2, \ldots, m_k$
  - Choose $m' = m_1, m_2, \ldots, m_k, m_{k+1}$
  - Notice that $h(m') = h'(h(m), m_{k+1})$
- Why is this a problem?
  - Alice sends Bob m
  - Authenticates by sending h(X || m), where X is a secret known only to Bob
  - Eve can append to m and update the authentication code
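The identity $h(m') = h'(h(m), m_{k+1})$ is shown below on a toy iterated hash. This is an added example, not code from the slides: the compression function `compress` is built from SHA-256 purely for illustration, and the 64-byte block size, padding layout, function names and sample values are all assumptions.

```python
import hashlib

BLOCK = 64  # bytes per message block in this toy construction

def compress(state: bytes, block: bytes) -> bytes:
    """Toy compression function h'(state, block) -> new 32-byte state."""
    return hashlib.sha256(state + block).digest()

def pad(total_len: int) -> bytes:
    """Padding for a message of total_len bytes: 0x80, zeros, 8-byte length."""
    zeros = (-(total_len + 9)) % BLOCK
    return b"\x80" + bytes(zeros) + total_len.to_bytes(8, "big")

def md_hash(msg: bytes, state: bytes = bytes(32), prior_len: int = 0) -> bytes:
    """Iterate compress over msg plus padding, starting from `state`.

    prior_len is the number of bytes already absorbed into `state`.
    """
    data = msg + pad(prior_len + len(msg))
    for i in range(0, len(data), BLOCK):
        state = compress(state, data[i:i + BLOCK])
    return state

def extend_tag(tag: bytes, covered_len: int, suffix: bytes):
    """From tag = md_hash(X || m) and covered_len = len(X || m) alone,
    return (bytes appended to m, tag valid for the extended message)."""
    glue = pad(covered_len)  # the padding the original hash already absorbed
    new_tag = md_hash(suffix, state=tag, prior_len=covered_len + len(glue))
    return glue + suffix, new_tag

if __name__ == "__main__":
    X = b"constructed-secret"            # known only to the verifier
    m = b"hello"                         # constructed sample message
    tag = md_hash(X + m)                 # h(X || m), sent alongside m
    appended, new_tag = extend_tag(tag, len(X) + len(m), b" world")
    # The verifier recomputes h(X || m') and finds it matches new_tag.
    print(md_hash(X + m + appended) == new_tag)
```

The digest is the full internal state, so anyone holding it can keep hashing without knowing X. HMAC, which applies the key in a second outer hash, does not have this property.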

17 Current State of Hash Functions
- Researchers try to break hash functions in 1 of 2 ways
  - Finding two messages (usually single message blocks) that hash to the same digest
  - Finding the message that creates the digest of all zeros or all ones (essentially finding a preimage)
- Collisions and preimages can be found for MD4
- Collisions can be constructed for MD5 and SHA-0
- Theoretic collisions discovered for SHA-1
- SHA-256 & SHA-512 have no known attacks