Computer and Network Security
Copyright © 2000 R. E. Newman
Computer & Information Sciences & Engineering
University Of Florida
Gainesville, Florida 32611-6120
[email protected]

Hashes (Pfleeger Ch. 3, KPS Ch. 4)

1 Definitions

1.1 One-way Function

A one-way function $F$ is a function that is "hard" to invert. That is, if $F : A \to B$, then given some $b \in B$, it is hard to find an $a \in A$ for which $F(a) = b$. By hard, we mean that no method much faster than trying elements of $A$ using brute force is known to invert $F$ effectively. This is collision-resistance.

1.2 Hash Function

A hash $H$ is a function that
• takes inputs from a large set, $A$, and
• maps them to fixed-length elements in a finite set, $B$.

1.3 One-way or Secure Hash Function

If a hash function is also a one-way function, then it is a one-way hash or secure hash function.

2 Uses of Hashes

If $H$ is a one-way hash, then it may be used in many ways:
1. for authentication
2. as a MIC (message integrity check)
3. as a MAC (message authentication check)
4. as a PRNG (for key stream generation)
5. for password security.

3 Hash Attacks

3.1 The Birthday Problem

If there are 23 or more people in a room, the odds are better than .5 that two of them will have the same birthday.
• Assume that 365 days of the year are equally likely as birthdays
• birthdays are random among people
• With $N$ people in the room, there are $P = N(N-1)/2$ distinct pairs of people.
• For each pair, there is a probability of $p = 1/365$ that the two have the same birthday.
• Expected number of matches is number of pairs times probability, $E(\text{matches}) = Pp$.
• For the expected number of matches to exceed .5, $P > .5/p = 365/2 = 183$.
• Thus $P = N(N-1)/2 > 365/2$, hence $N(N-1) > 365$, so $N > \sqrt{365} > 19$.
• With 20 people in a room it is around an even bet that two will have the same birthday.

3.2 So What?

Well, the Birthday Problem tells us
1. that to find two messages with the same $n$-bit hash value, only $2^{n/2}$ candidates will have to be considered, on the average;
2. if another message $m'$ with the same $n$-bit hash value $H(m)$ as some given message $m$ is required, then on the average, $2^{n-1}$ candidates will have to be tested.

Since hashes must protect against intentional misuse (a user producing two messages with the same hash that mean very different things, then either
• signing one and claiming that the other was actually sent later, or
• getting someone else to sign the one and then sending the other with the signature of the first),
they must be twice as long as we would otherwise need for security.

4 Why use a hash?

One-way hashes are
1. small and fast to compute;
2. collision-resistant;
3. may be used with public key systems for signatures much faster than signing the entire message or document;
4. export a little better than pure cryptosystems do, yet can be used for encryption....
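The birthday bound from Section 3 can be checked empirically. The Python below is an added example, not part of the original notes: it truncates SHA-256 to n bits as a stand-in for an n-bit hash H (an assumption, as are the constructed message strings), counts how many messages are hashed before two collide, and reruns the notes' expected-matches estimate beside the exact birthday probability.

```python
import hashlib

def truncated_hash(message: bytes, n_bits: int) -> int:
    """Top n_bits of SHA-256(message): an assumed stand-in for an n-bit hash H."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return digest >> (256 - n_bits)

def trials_until_collision(n_bits: int, run: int) -> tuple:
    """Hash distinct constructed messages until two share an n-bit value.

    Returns (messages hashed, first message, colliding message)."""
    seen = {}
    i = 0
    while True:
        m = f"run{run}-msg{i}".encode()  # constructed sample input
        h = truncated_hash(m, n_bits)
        i += 1
        if h in seen:
            return i, seen[h], m
        seen[h] = m

def average_trials(n_bits: int, runs: int = 200) -> float:
    """Mean number of messages hashed before the first collision."""
    return sum(trials_until_collision(n_bits, r)[0] for r in range(runs)) / runs

def smallest_n_for_expected_matches(days: int = 365, target: float = 0.5) -> int:
    """The notes' estimate: smallest N with E(matches) = N(N-1)/2 * 1/days > target."""
    n = 2
    while n * (n - 1) / 2 / days <= target:
        n += 1
    return n

def exact_match_probability(n: int, days: int = 365) -> float:
    """Exact probability that at least two of n people share a birthday."""
    p_all_distinct = 1.0
    for k in range(n):
        p_all_distinct *= (days - k) / days
    return 1 - p_all_distinct

if __name__ == "__main__":
    for n_bits in (16, 20, 24):
        avg = average_trials(n_bits, runs=50)
        print(f"n={n_bits}: avg {avg:.0f} messages, 2^(n/2) = {2 ** (n_bits // 2)}")
    print("expected-matches estimate: N =", smallest_n_for_expected_matches())
    for n in (20, 22, 23):
        print(f"exact P(match) with {n} people = {exact_match_probability(n):.4f}")
```

The measured averages stay within a small constant factor of $2^{n/2}$, so each extra bit of hash length multiplies the collision search by only $\sqrt{2}$; that is why the hash must be twice as long as the security level wanted.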