n a satellite, perhaps) random message strings with random signature strings. Eventually, one of those random messages will have a valid signature. The adversary would have no idea what the command would do, but if his only objective was to tamper with the satellite, this would do it.

Length of One-Way Hash Functions
Hash functions of 64 bits are just too small to survive a birthday attack. Most practical one-way hash functions produce 128-bit hashes. This forces anyone attempting the birthday attack to hash $2^{64}$ random documents to find two that hash to the same value, not enough for lasting security. NIST, in its Secure Hash Standard (SHS), uses a 160-bit hash value. This makes the birthday attack even harder, requiring $2^{80}$ random hashes.

The following method has been proposed to generate a longer hash value than a given hash function produces.

(1) Generate the hash value of a message, using a one-way hash function listed in this book.
(2) Prepend the hash value to the message.
(3) Generate the hash value of the concatenation of the message and the hash value.
(4) Create a larger hash value consisting of the hash value generated in step (1) concatenated with the hash value generated in step (3).
(5) Repeat steps (1) through (3) as many times as you wish, concatenating as you go.

Although this method has never been proved to be either secure or insecure, various people have some serious reservations about it [1262, 859].

Overview of One-Way Hash Functions
It’s not easy to design a function that accepts an arbitrary-length input, let alone make it one-way. In the real world, one-way hash functions are built on the idea of a compression function. This one-way function outputs a hash value of length n given an input of some larger length m [1069, 414]. The inputs to the compression function are a message block and the output of the previous blocks of text (see Figure 18.1). The output is the hash of all blocks up to that point. That is, the hash of block $M_i$ is

$h_i = f(M_i, h_{i-1})$

This hash value, along with the next message block, becomes the next input to the compression function...
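The chaining rule $h_i = f(M_i, h_{i-1})$ and the birthday bound from the section on hash length, combined in one added example (not code from the book). The compression function here is a stand-in built from truncated SHA-256, and the block size, padding scheme, function names and sample messages are all assumptions of this example.

```python
import hashlib
from itertools import count

BLOCK = 8  # bytes per message block M_i (toy parameter chosen for this example)

def compress(block: bytes, prev: bytes, n_bytes: int) -> bytes:
    """Stand-in compression function f(M_i, h_{i-1}): SHA-256 cut to n_bytes."""
    return hashlib.sha256(prev + block).digest()[:n_bytes]

def iterated_hash(msg: bytes, n_bytes: int) -> bytes:
    """Chain h_i = f(M_i, h_{i-1}) over the padded message blocks."""
    # Assumed padding: zero-fill to a block boundary, then append the length.
    padded = msg + b"\x00" * (-len(msg) % BLOCK) + len(msg).to_bytes(BLOCK, "big")
    h = b"\x00" * n_bytes  # fixed initial value h_0
    for i in range(0, len(padded), BLOCK):
        h = compress(padded[i:i + BLOCK], h, n_bytes)
    return h

def birthday_collision(n_bytes: int):
    """Hash distinct constructed messages until two share a digest.

    Returns (first_message, second_message, hashes_computed).
    """
    seen = {}
    for tries in count(1):
        msg = b"document-%d" % tries  # constructed sample input
        digest = iterated_hash(msg, n_bytes)
        if digest in seen:
            return seen[digest], msg, tries
        seen[digest] = msg

if __name__ == "__main__":
    # An n-bit output falls after roughly 2^(n/2) hashes, far fewer than 2^n.
    for n_bytes in (2, 3, 4):
        m1, m2, tries = birthday_collision(n_bytes)
        print(f"{8 * n_bytes}-bit hash: {m1!r} and {m2!r} collide after "
              f"{tries} hashes (2^(n/2) = {2 ** (4 * n_bytes)})")
```

The same scaling is what puts a 64-bit hash at about $2^{32}$ hashes and a 128-bit hash at about $2^{64}$.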
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.