從泛民初選 探討hash保安
TRANSCRIPT
![Page 1: 從泛民初選 探討Hash保安](https://reader031.vdocuments.net/reader031/viewer/2022031722/55a4fc7c1a28abfe4a8b4576/html5/thumbnails/1.jpg)
從泛民初選探討HASH保安
![Page 2: 從泛民初選 探討Hash保安](https://reader031.vdocuments.net/reader031/viewer/2022031722/55a4fc7c1a28abfe4a8b4576/html5/thumbnails/2.jpg)
Hash Function
●Can be applied to a block of data of any size●produce a fixed-length output●relatively easy to compute of any given value, making both hardware and software implementations practical
![Page 3: 從泛民初選 探討Hash保安](https://reader031.vdocuments.net/reader031/viewer/2022031722/55a4fc7c1a28abfe4a8b4576/html5/thumbnails/3.jpg)
Hash Function
●For any given hash code h, it is computationally infeasible to find x such that H(x) = h. We called it one-way property
![Page 4: 從泛民初選 探討Hash保安](https://reader031.vdocuments.net/reader031/viewer/2022031722/55a4fc7c1a28abfe4a8b4576/html5/thumbnails/4.jpg)
Hash Function
●For any given block x, it is computationally infeasible to find y <> x with H(y) = H(x). This is referred to as weak collision resistance.
![Page 5: 從泛民初選 探討Hash保安](https://reader031.vdocuments.net/reader031/viewer/2022031722/55a4fc7c1a28abfe4a8b4576/html5/thumbnails/5.jpg)
Hash Function
●It is computationally infeasible to find any pair (x, y) such that H(x) = H(y). It is referred to as string collision resistance.
![Page 6: 從泛民初選 探討Hash保安](https://reader031.vdocuments.net/reader031/viewer/2022031722/55a4fc7c1a28abfe4a8b4576/html5/thumbnails/6.jpg)
Usage
●Password Protection●As a fingerprint of a message, data or file (Checksum)●Data Normalization (ID Generation)
![Page 7: 從泛民初選 探討Hash保安](https://reader031.vdocuments.net/reader031/viewer/2022031722/55a4fc7c1a28abfe4a8b4576/html5/thumbnails/7.jpg)
Common Cracking
●Pattern Finding●Birthday Attack●Dictionary Attack
![Page 8: 從泛民初選 探討Hash保安](https://reader031.vdocuments.net/reader031/viewer/2022031722/55a4fc7c1a28abfe4a8b4576/html5/thumbnails/8.jpg)
Solution
●publish the method and open the source for all people to review.●increase the length of the hash code.●add salt
![Page 9: 從泛民初選 探討Hash保安](https://reader031.vdocuments.net/reader031/viewer/2022031722/55a4fc7c1a28abfe4a8b4576/html5/thumbnails/9.jpg)
Possible Cracking of HKID Hash Code
●Server had been cracked●Dictionary Attack●man in middle (Depends on the Design)●Virus●Key Logger●Binary or source code disclose
![Page 10: 從泛民初選 探討Hash保安](https://reader031.vdocuments.net/reader031/viewer/2022031722/55a4fc7c1a28abfe4a8b4576/html5/thumbnails/10.jpg)
Workshop
●openssl●md5sum●shasum●Fun on cracking my 30000 hash codes
![Page 11: 從泛民初選 探討Hash保安](https://reader031.vdocuments.net/reader031/viewer/2022031722/55a4fc7c1a28abfe4a8b4576/html5/thumbnails/11.jpg)