applied cryptography - protocols, algorithms, and source code in c

No attack is more efficient than brute force direct

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: n a satellite, perhaps) random message strings with random signature strings. Eventually, one of those random messages will have a valid signature. The adversary would have no idea what the command would do, but if his only objective was to tamper with the satellite, this would do it. Length of One-Way Hash Functions Hash functions of 64 bits are just too small to survive a birthday attack. Most practical one-way hash functions produce 128-bit hashes. This forces anyone attempting the birthday attack to hash 264 random documents to find two that hash to the same value, not enough for lasting security. NIST, in its Secure Hash Standard (SHS), uses a 160-bit hash value. This makes the birthday attack even harder, requiring 280 random hashes. The following method has been proposed to generate a longer hash value than a given hash function produces. (1) Generate the hash value of a message, using a one-way hash function listed in this book. (2) Prepend the hash value to the message. (3) Generate the hash value of the concatenation of the message and the hash value. (4) Create a larger hash value consisting of the hash value generated in step (1) concatenated with the hash value generated in step (3). (5) Repeat steps (1) through (3) as many times as you wish, concatenating as you go. Although this method has never been proved to be either secure or insecure, various people have some serious reservations about it [1262, 859]. Overview of One-Way Hash Functions It’s not easy to design a function that accepts an arbitrary-length input, let alone make it one-way. In the real world, one-way hash functions are built on the idea of a compression function . This one-way function outputs a hash value of length n given an input of some larger length m [1069, 414]. The inputs to the compression function are a message block and the output of the previous blocks of text (see Figure 18.1). The output is the hash of all blocks up to that point. That is, the hash of block Mi is hi = f(Mi,hi- 1) This hash value, along with the next message block, becomes the next input to the compression function...
View Full Document

This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.

Ask a homework question - tutors are online