csce522-lect8-fenner

csce522-lect8-fenner - Cryptographic Hash Functions and...

This preview shows pages 1–11. Sign up to view the full content.

Cryptographic Hash Functions and Protocol Analysis

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
CSCE 522 - Farkas 2 Lecture 8-9 Hash Functions Hash function h maps an input x of arbitrary length to a fixed length output h(x) (compression) Accidental or intentional change to the data will change the hash value Given h and x, h(x) is easy to compute (ease of computation)
CSCE 522 - Farkas 3 Lecture 8-9 Good Hash Function 1. It is easy to compute the hash value for any given message 2. It is infeasible to find a message that has a given hash 3. It is infeasible to modify a message without changing its hash 4. It is infeasible to find two different messages with the same hash

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
CSCE 522 - Farkas 4 Lecture 8-9 Hash functions Preimage resistant (one-way): if for all specified outputs , it is computationally infeasible to find any input that hashes to that output Second-preimage resistent (weak collision resistant): if it is computationally infeasible to find any second input which has the same output as any specified input Collision resistant (strong collision resistant): if it is computationally infeasible to find any two distinct inputs that has the same output
CSCE 522 - Farkas 5 Lecture 8-9 Attacks First preimage attack : given a hash h, find a message m such that hash(m) = h Second preimage attack : given a fixed message m1, find a different message m2 such that hash(m2) = hash(m1) Attack complexity: 2 n (considered too high for a typical output size of n=160 bits) Practical attacks: Collision attack

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
CSCE 522 - Farkas 6 Lecture 8-9 Collision Attack Birthday attack: Cryptographic attack Exploits the mathematics behind the birthday problem in probability theory Given a function ƒ, the goal of the attack is to find two different inputs x1, x2 such that ƒ(x1) = ƒ(x2) Method: evaluate the function ƒ for different input values that may be chosen randomly or pseudorandomly until the same result is found more than once (complexity is 2 n/2 )
CSCE 522 - Farkas 7 Lecture 8-9 Hash Functions Message digest Used for authenticity (sign hash value of a message) and integrity purposes Algorithms: SHA-1,MD2,MD4, MD5

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
CSCE 522 - Farkas 8 Lecture 8-9 MD5 Message Digest Algorithm Input of arbitrary length Output: 128 bits Block size: 512 bits 1991: designed by Ron Rivest to replace MD4 1996, …, 2008: Weaknesses in MD5 Cryptographically broken
CSCE 522 - Farkas 9 Lecture 8-9 MD6 MD6 was submitted to the NIST SHA-3 competition July 1, 2009: Rivest posted a comment at NIST that MD6 is not yet ready to be candidated for SHA-3 speed issues and inability to supply a proof of security for a faster reduced-round version

This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document
CSCE 522 - Farkas 10 Lecture 8-9 MD5 Processing Append padding bits so length 448 mod 512 (padded message 64 bits less than an integer multiplied by 512) Append length: a 64-bit representation of the length of the original message (before the
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 12/13/2011 for the course CSCE 522 taught by Professor Farkas during the Fall '11 term at South Carolina.

Page1 / 37

csce522-lect8-fenner - Cryptographic Hash Functions and...

This preview shows document pages 1 - 11. Sign up to view the full document.

View Full Document
Ask a homework question - tutors are online