Upload File

hashes lesson introduction ●the birthday paradox and length of hash ●secure hash function...

  • Home
  • Documents
  • Hashes Lesson Introduction ●The birthday paradox and length of hash ●Secure hash function ●HMAC
Download Hashes Lesson Introduction ●The birthday paradox and length of hash ●Secure hash function ●HMAC

If you can't read please download the document

Upload: joella-parks

Post on 18-Jan-2018

224 views

Category:

Documents


0 download

Report

DESCRIPTION

Hash Functions ●Compute message digest of data of any size ●Fixed length output: bits ●Easy to compute H(m) ●Given H(m), no easy way to find m ●One-way function ●Given m 1, it is computationally infeasible to find m 2 ≠m 1 s.t. H(m 2 ) = H(m 1 ) ●Weak collision resistant ●Computationally infeasible to find m 1 ≠m 2 s.t. H(m 1 ) = H(m 2 ) ●Strong collision resistant Requirements for a practical application of a hash function

TRANSCRIPT

Hashes Lesson Introduction The birthday paradox and length of hash Secure hash function HMAC Hash Functions Compute message digest of data of any size Fixed length output: bits Easy to compute H(m) Given H(m), no easy way to find m One-way function Given m 1, it is computationally infeasible to find m 2 m 1 s.t. H(m 2 ) = H(m 1 ) Weak collision resistant Computationally infeasible to find m 1 m 2 s.t. H(m 1 ) = H(m 2 ) Strong collision resistant Hash Functions Compute message digest of data of any size Fixed length output: bits Easy to compute H(m) Given H(m), no easy way to find m One-way function Given m 1, it is computationally infeasible to find m 2 m 1 s.t. H(m 2 ) = H(m 1 ) Weak collision resistant Computationally infeasible to find m 1 m 2 s.t. H(m 1 ) = H(m 2 ) Strong collision resistant Requirements for a practical application of a hash function Hash Functions Compute message digest of data of any size Fixed length output: bits Easy to compute H(m) Given H(m), no easy way to find m One-way function Given m 1, it is computationally infeasible to find m 2 m 1 s.t. H(m 2 ) = H(m 1 ) Weak collision resistant Computationally infeasible to find m 1 m 2 s.t. H(m 1 ) = H(m 2 ) Strong collision resistant The one way property Hash Functions Compute message digest of data of any size Fixed length output: bits Easy to compute H(m) Given H(m), no easy way to find m One-way function Given m 1, it is computationally infeasible to find m 2 m 1 s.t. H(m 2 ) = H(m 1 ) Weak collision resistant Computationally infeasible to find m 1 m 2 s.t. H(m 1 ) = H(m 2 ) Strong collision resistant Hash functions are unique to each message Hash Functions Compute message digest of data of any size Fixed length output: bits Easy to compute H(m) Given H(m), no easy way to find m One-way function Given m 1, it is computationally infeasible to find m 2 m 1 s.t. H(m 2 ) = H(m 1 ) Weak collision resistant Computationally infeasible to find m 1 m 2 s.t. H(m 1 ) = H(m 2 ) Strong collision resistant Hash Functions Hash Function Weaknesses The Birthday Paradox Pigeonhole Principle Hash Function Weaknesses n = number of pigeons m = number of holes n = m There is one pigeon per hole n > m Then at least one hole must have more than one pigeon Pigeonhole Principle Hash Function Weaknesses The Birthday Paradox How many people do you need in a room before you have a greater than 50% chance that two of them will have the same birthday? Assume 365 birthdays (our containers) % chance that two people in the room have the same birthday: 100% requires 366 people (the pigeonhole principle) Hash Function Weaknesses Compute probability of different birthdays Random sample of n people (birthdays) taken from k (365) days k n samples with replacement (k) n =k(k-1)(k-n+1) sample without replacement Probability of repetition: p = 1- (k) n /k n n(n-1)/2k = 0.5 if n=k The Birthday Paradox Hash Function Weaknesses 1-(k) n /k n = the probability that a pair share the same birthday If k = 365, n = 19 If there are 19 people in a room, there is a good chance that two of them share the same birthday! The Birthday Paradox Hash Function Weaknesses Hash Functions: There are many more pigeons than pigeonholes Many inputs will be mapped to the same output. That is, many input messages will have the same hash. Conclusion: The longer the length of the hash, the fewer collisions. Determining Hash Length Hash Size Quiz If the length of hash is 128 bits, then how many messages does an attack need to search in order to find two that share the same hash? Choose the correct answer: Secure Hash Algorithm Developed by NIST, specified in the Secure Hash Standard, originally 1993 Revised as SHA-1 in 1995 160 bit hash NIST specified SHA2 algorithms in 2002 Hash value lengths of 256, 384, and 512 Similar to SHA-1 Comparison of SHA Parameters Message Processing Hash Based Message Authentication Cryptographic hash functions generally execute faster Library code is widely available SHA-1 was not designed for use as a MAC because it does not rely on a secret key Issued as RFC2014 Has been chosen as the mandatory-to-implement MAC for IP security Used in other Internet protocols such as Transport Layer Security (TLS) Hash Based Message Authentication HMAC Security Security depends on the cryptographic strength of the underlying hash function Its much harder to launch successful collision attacks on HMAC because of secret key Hash Function Quiz Check the statements that are True: The one-way hash function is important not only in message authentication but also in digital signatures SHA processes the input one block at a time but each block goes through the same processing HMAC is secure provided that the embedded hash function has good cryptographic strengths such as one- way and collision resistant Hashes Lesson Summary Hash length should be at least 128 2^(64) message to find collision SHA1: 160-bit hash; SHA2: 256/384/512-bit hash Message processed/hashed block by block, result to next HMAC: hash the message with a secret key Message authentication


Proceedings. LNCS 10175. pages 152–182. Chameleon-Hashes with Ephemeral Trapdoors · 2017-12-13 · Chameleon-hash functions, also called trapdoor-hash functions, are hash functions

Practical Electromagnetic Template Attack on HMAC · 2020-05-20 · HMAC is a hash-based message authentication code proposed by Bellare, Canetti and Krawczyk in 1996 [3]. It is very

Approximate Search and Data Reduction Algorithms€¦ · • Similarity-preserving hash functions, or fuzzy hashes. • Similar in use to cryptographic hashes, but no avalanche effect

Integrity, Hashes, & Random Numberscs161/fa18/... · An MD5 "hash quine": an animated GIF that shows its own hash • SHA-1: 160 bits broken (as of spring 2017, but was known to be

Verified correctness and security of OpenSSL HMACkqy/resources/verified-hmac.pdf · HMAC is a cryptographic authentication algorithm, the “Keyed-Hash Message Authentication Code,”

Improved Generic Attacks Against Hash-based MACs and HAIFA · One of the most widely used MAC algorithms in practice is HMAC, a MAC construction using a hash function designed by

Chapter 3: HashingChapter 3: Hashing Hashing Types. Hashing Methods. Salting. Collisions. LM and NTLM Hashes (Windows). Hash Benchmarks. Message Authentication Codes (MACs)

CS 645 : Lecture 6 Hashes, HMAC, and Authentication

HASH FUNCTION, MAC, and HMAC Lecture 5...SHA (Secure Hash Algorithm) – SHA-1 Max message < 264 Output: 160-bit – SHA-2 Max message < 2128 Max output: 512-bit – SHA-3 Max message:

HASH FUNCTION, MAC, and HMAC Lecture 5

Verified Correctness and Security of OpenSSL HMAC...HMAC is a cryptographic authentication algorithm, the “Keyed-Hash Message Authentication Code,” widely used in conjunction with

Hashes and Message Digests - Interdisciplinarysidhanti/classes/csc4601/7_4601_04.pdfLouisiana State University 7- Hashes - 3 CSC4601 F04 Hashes Hash is also called message digest One-way

COM 5336 Cryptography Lecture 9 Hash, MAC, HMAC

Datasheet - STM32H730AB STM32H730IB STM32H730VB ... · Cryptographic/HASH acceleration • AES 128, 192, 256, TDES, HASH (MD5, SHA-1, SHA-2), HMAC • 2x OTFDEC AES-128 in CTR mode

Password(Cracking(gencyber.ialab.dsu.edu/2015/Electives/Password... · Rainbow(Tables(• Precomputed(table(for(reversing(cryptographic(hash(funcHons,(usually(for(cracking(password(hashes(•

Improved Generic Attacks Against Hash-based MACs and HAIFA · Damg ard hash function. Consequently, we obtain improved attacks on several HMAC constructions used in practice, in which

Lab t 8 (Hashing ) - CISO Academyx Hash file = hash es .txt (having set of 10 hashes per hashing algorithm) x Hashing algorithms = MD5, SHA1, SHA256, SHA512 and RIPEMD Lab Objective

CONVENTIONAL ENCRYPTION PRINCIPLES, CONVENTIONAL … · Information Security Unit-2 Symmetric Encryption, DES, AES Message Authentication, Hash algorithms, HMAC Unit-2 C ONVENTIONAL

Message Authentication Codes and Cryptographic Hash ...Building MACs from Hash Functions • HMAC is a MAC from hash functions. – Hash-based message authentication code • Let h

CN Series Ethernet Encryptors - senetas.com · a security system protecting sensitive but unclassified information. ... CBC Cipher Block Chaining ... HMAC Keyed-Hash Message Authentication

HASH FUNCTION, MAC, and HMAC Lecture 3 - … · Slide title In CAPITALS 50 pt Slide subtitle 32 pt Muhammad Rizwan Asghar July 28, 2017 HASH FUNCTION, MAC, and HMAC Lecture 3 …

The Hash of Hashes as a The Hash of Hashes as a 'Russian ... … · summarization of adverse events, the events are usually evaluated per a combination of subpopulations. Thus events

Hello, and welcome to this presentation of the STM32MP1 ... · The hash-based message authentication code (HMAC) is used to authenticate messages and verify their integrity. The HMAC

Cryptographic Hashes Outline...•HMAC - Hash-based MAC - published in RFC 2104. •Improves on security of basic keyed hash. •Security of HMAC depends only on security of the hash

ANOTHER LOOK AT HMACANOTHER LOOK AT HMAC NEAL KOBLITZ AND ALFRED MENEZES Abstract. HMAC is the most widely-deployed cryptographic-hash-function-based message authentication code. First,

WordPress.com€¦  · Web viewMD5 hash code and SHA-1 hash code are implemented along with HMAC algorithms i.e., • HMAC-MD5-96 • HMAC-SHA-1-96. In both cases, the full HMAC

Cryptography and Network Security Sicurezza delle …SSL, RC2 was also used. • For cryptographic hash function: HMAC-MD5 or HMAC-SHA are used for TLS, MD5 and SHA for SSL, while

HASH ALGORITHMS - Chapter 12 HASH ALGORITHMS - Chapter 12 MD5 SHA RIPEMD-160 HMAC

Recommendation for applications using approved … WORDS: digital signatures, hash algorithm, hash function, hash-based key derivation algorithms, hash value, HMAC, message digest,

ATSHA204A - Microchip Technologyww1.microchip.com/downloads/...CryptoAuth-ATSHA204A... · and Hash-Based Message Authentication Code (HMAC) Options ... The ATSHA204A can generate

Biocryptodisk Encryptor Model SD302(Ver5.11-3.03), … 29... · TOE Identification Biocryptodisk Encryptor Model SD302 (Ver5.11-3.03), ... HMAC (SHA-256):The Keyed-Hash Message Authentication

Perl Hashes Learning Objectives: 1. To understand the concept of Hash as a data structure 2. To learn the operations of Hash which are available in Perl

AttraCoin White Paper · AttraCoin White Paper 4 1.3. Hash Hashes play an important role. The blockchain can not be changed because the new block contains the hash of the previous

Knut Petter Åstebøl - Bibsys Petter Åstebøl ... During crim-inal investigation, ... file, where similar files get a similar hash digests. By comparing hashes,

The HMAC construction: A decade latercanetti/materials/hmac-10.pdf · Ran Canetti IBM Research. What is HMAC?