© Prem Uppuluri
Hashes and Message Digests
Slides by Prem Uppuluri. Some of the slides contain material from sources that are cited in those specific slides.

So far…
• We looked at:
  – Symmetric or secret-key cryptography
    • Primarily used for encryption/decryption.
  – Asymmetric or public-key cryptography
    • Primarily used for
      – Key exchange (used to set up a secret key in order to use symmetric-key cryptography) and
      – Digital signatures.
• Next: Using “secure hash functions” or cryptographic checksums to achieve integrity of messages.

Use of secure hash.
• When you download software from the internet, most companies provide you with a “checksum” associated with the download.
  – E.g., on this site (download for CentOS) you will find an MD5 checksum: http://mirror.stanford.edu/yum/pub/centos/5.5/isos/i386/
• The checksum is used to determine the integrity of the download.
  – So what is this checksum (secure hash)?
  – How is it used?

What is a hash function?
(A) Potatoes deep fried in butter.
(B) Potatoes deep fried in olive oil.
(C) A one-way function which takes any input and converts it into a fixed sized output.

Overview of a hash function
Input of any size. → Hash Function (the function is publicly known) → Output of a fixed size (called hash value or hash key or fingerprint).

Hash Function Properties
• a Hash Function H produces a fingerprint of some file/message/data
  h = H(M)
  – condenses a variable-length message M to a fixed-sized fingerprint
  – You can't recover M just knowing h!
• assumed to be public

A One-way hash function
Input of any size. → Hash Function → Output of a fixed size (called hash value or hash key).
Given an output hash value, there is no way to generate or get back the original input.

Secure One-way Hash function.
It is a one-way hash function with three additional properties:
  – Given an input and its hash, it is computationally infeasible to find another message with the same hash.
  – In fact, it is computationally infeasible to find any two messages with the same hash key.
  – Sometimes uses a secret key as a second input (in addition to the original input).

Summary of Requirements for Secure Hash Functions and notations used.
1. can be applied to any sized message M
2. produces fixed-length output h
3. is easy to compute h=H(M) for any message M
4. given h, is infeasible to find x s.t. H(x)=h
  • one-way property
5. given x, is infeasible to find y ≠ x s.t. H(y)=H(x)
  • weak collision resistance
6. is infeasible to find any x,y (x ≠ y) s.t. H(y)=H(x)
  • strong collision resistance
Notes based on © William Stallings, Cryptography and Network Security. Slides by © Dr. Lawrie Brown, Australian Defence Institute. (http://www.box.net/shared/h164at4gsc)

Example
• Is this a hash function? Is it 1-way? Is it secure?
  – H(x) = x.substring(0,4)
    • x is some text (a series of characters).
    • Substring method returns a substring in the string. In the above example,
      – If x = “ITEC is cool”
      – H(x) = “ITEC”

Simple Hash Functions
• based on XOR (exclusive or) of message blocks
• not secure since we can manipulate any message and either not change hash, or change hash also
• need a stronger cryptographic function
Notes based on © William Stallings, Cryptography and Network Security. Slides by © Dr. Lawrie Brown, Australian Defence Institute. (http://www.box.net/shared/h164at4gsc)
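
The two weak constructions above (the substring "hash" from the Example slide and the XOR-of-blocks hash) can be checked against the requirements list directly. The following is an added example, not part of the original slides; the 4-byte block size, the zero padding and the sample messages are assumptions made for the demonstration, and SHA-256 is used as the stronger function for comparison.

```python
import hashlib
from functools import reduce

BLOCK = 4  # block size in bytes, chosen for this example


def prefix_hash(x: str) -> str:
    """The slide's H(x) = x.substring(0,4): keep the first four characters."""
    return x[:4]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(a, b))


def _pad(msg: bytes) -> bytes:
    return msg + b"\x00" * (-len(msg) % BLOCK)


def xor_hash(msg: bytes) -> bytes:
    """XOR together all BLOCK-byte blocks of the zero-padded message."""
    padded = _pad(msg)
    blocks = (padded[i:i + BLOCK] for i in range(0, len(padded), BLOCK))
    return reduce(_xor, blocks, bytes(BLOCK))


def compensate(original: bytes, altered: bytes) -> bytes:
    """Append one block to `altered` so that its XOR hash equals the original's."""
    return _pad(altered) + _xor(xor_hash(original), xor_hash(altered))


def sha256_hex(msg: bytes) -> str:
    return hashlib.sha256(msg).hexdigest()


# Constructed sample messages, four 4-byte blocks each.
ORIGINAL = b"PAY 0100TO  BOB "
REORDERED = b"0100PAY BOB TO  "          # same blocks, different order
ALTERED = compensate(ORIGINAL, b"PAY 9900TO  EVE ")

if __name__ == "__main__":
    print(prefix_hash("ITEC is cool"), prefix_hash("ITEC is hard"))   # same output
    for m in (ORIGINAL, REORDERED, ALTERED):
        print(xor_hash(m).hex(), sha256_hex(m)[:16], m)
```

The substring function fails the one-way property (the output is part of the input) and both collision properties; the XOR hash fails weak collision resistance, while the SHA-256 values of the three messages all differ.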

Examples of secure hash algorithms
• MD5 (message digest version 5)
  – Try it out here: http://www.miraclesalad.com/webtools/md5.php
  – What do you observe?
  – Regardless of the size of the input, the hash is the same size: 128 bits.
• SHA-2 (Secure Hash Algorithm)

How to use hash functions.
• Examples:
  – Recall the example of software download. How do you ensure that software you created hasn’t been tampered with?
    • Compute its hash and store it. When someone downloads the software, they will recompute the hash and compare. If the hash is different, someone tampered with the software.
  – Another use: Storing passwords (in UNIX).
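
The recompute-and-compare step for a download, as an added example that is not part of the original slides. It assumes the publisher distributes checksums in the usual `<hex digest>  <file name>` manifest format; the file name and contents are constructed, and SHA-256 is used where the download slide mentions MD5, since MD5 is no longer collision resistant.

```python
import hashlib
import hmac
import os
import tempfile


def file_digest(path: str, algorithm: str = "sha256", chunk: int = 1 << 16) -> str:
    """Hash a file in fixed-size chunks so large ISO images need not fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def parse_manifest(text: str) -> dict:
    """Parse md5sum/sha256sum-style lines: '<hex digest>  <file name>'."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, name = line.split(None, 1)
        entries[name.lstrip("*")] = digest.lower()
    return entries


def verify(path: str, manifest: dict, algorithm: str = "sha256") -> bool:
    """True only if the file is listed and its recomputed digest matches."""
    expected = manifest.get(os.path.basename(path))
    if expected is None:
        return False          # unlisted file: treat as unverified
    return hmac.compare_digest(file_digest(path, algorithm), expected)


def demo() -> tuple:
    """Constructed sample: publish a digest, then change one byte of the download."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "example.iso")
        with open(path, "wb") as f:
            f.write(b"constructed image contents\n" * 1000)
        manifest = parse_manifest(f"{file_digest(path)}  example.iso\n")
        intact = verify(path, manifest)
        with open(path, "r+b") as f:      # simulate tampering or corruption
            f.seek(10)
            f.write(b"X")
        return intact, verify(path, manifest)
```

A checksum fetched from the same server as the file only detects corruption or tampering that did not also reach the checksum, so the manifest itself should come over an authenticated channel or carry a signature.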

How to use hash functions.
Another use: Storing passwords (in UNIX).
UNIX uses the DES algorithm. Given a password: “abc12345”, UNIX does the following:
(1) Take a string of 0’s.
(2) Compute a 7 digit hash of the string of 0’s with the password as a key.

Hash vs. Secret-key cryptography
• They both are used differently.
  – Secret key cryptography is normally used for:
    • Confidentiality (encrypting messages).
  – Secure Hashes are “normally” used for:
    • Generating a cryptographic checksum – to check for integrity.
    • Generating a digital signature – for non-repudiation.
    • Generating a “secret key” to be used in secret key cryptography.
      » This is because secure hashes incorporate randomness.
• Secure hashes need to be larger than 64 bits to be secure. Why? The Birthday paradox.
Notes based on © William Stallings, Cryptography and Network Security. Slides by © Dr. Lawrie Brown, Australian Defence Institute. (http://www.box.net/shared/h164at4gsc)

Birthday Attacks
• might think a 64-bit hash is secure
• but by Birthday Paradox is not
• birthday attack works as follows
  – opponent generates 2^(m/2) variations of a valid message all with essentially the same meaning
  – opponent also generates 2^(m/2) variations of a desired fraudulent message
  – two sets of messages are compared to find pair with same hash (probability > 0.5 by birthday paradox)
  – have user sign the valid message, then substitute the forgery which will have a valid signature
• conclusion is that need to use larger MACs
Notes from © William Stallings, Cryptography and Network Security. Slides by © Dr. Lawrie Brown, Australian Defence Institute. (http://www.box.net/shared/h164at4gsc)
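
Why the digest length matters, as an added example that is not part of the original slides. It takes m to be the hash length in bits, uses SHA-256 truncated to m bits as a stand-in for a short hash (an assumption of this example), and uses constructed counter-based inputs; the last function checks the slide's "probability > 0.5" figure for two sets of 2^(m/2) messages.

```python
import hashlib
import math


def truncated_hash(msg: bytes, m: int) -> int:
    """First m bits of SHA-256(msg): a stand-in for an m-bit hash function."""
    digest = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return digest >> (256 - m)


def find_collision(m: int, limit: int = 1 << 20):
    """Hash counter-derived messages until two share an m-bit hash value."""
    seen = {}
    for i in range(limit):
        msg = b"variation-%d" % i          # constructed inputs
        h = truncated_hash(msg, m)
        if h in seen:
            return seen[h], msg, i + 1     # (first message, second message, trials)
        seen[h] = msg
    return None


def trials_for_half(m: int) -> float:
    """Approximate number of random inputs giving a 50% chance of any collision."""
    return math.sqrt(2 * math.log(2)) * 2 ** (m / 2)


def cross_match_probability(k: int, m: int) -> float:
    """Approximate chance that two sets of k messages share an m-bit hash value."""
    return 1.0 - math.exp(-(k * k) / 2 ** m)


if __name__ == "__main__":
    a, b, trials = find_collision(24)
    print(f"24-bit collision after {trials} hashes (2^12 = {2 ** 12}): {a!r} {b!r}")
    print(f"64-bit hash: about {trials_for_half(64):.2e} hashes for a 50% chance")
    print(f"two sets of 2^32 messages: p = {cross_match_probability(2 ** 32, 64):.3f}")
```

Each extra bit of digest only multiplies the work by the square root of two, which is why current hash functions use outputs of 256 bits or more.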