Introduction to Computer Security – G6077
Dr. Imran U Khan Engineering and Informatics Sussex University
Dr. Imran U Khan, Lecturer (Teaching focused), Informatics Sussex University
Overview
Introduction and checksum method
Key characteristics
General design of hashing algorithms
Popular hashing algorithms
Applications of hashing
Salting hashing
Collisions
Introduction and checksum method
Cryptography is used to provide privacy, prove identity and show integrity
A secret key is used to provide secrecy/privacy, but we need a method to check the integrity of a message
Hashing is used either to hide the original contents of a message or to check the integrity of data
In the past, the checksum method was used to check the integrity of data, e.g.
Adding a value to a list of numbers so that the total would be a multiple of 9
If 4, 5 and 13 were to be sent: 4+5+13 = 22
What number shall we add to 22 to get a multiple of 9? Ans: 5 (22+5=27)
The following values/data will be rejected, e.g.
4+5+13 with a checksum of 8
This gives 30 (4+5+13+8 (checksum)), which is not a multiple of 9
Hashing methods/functions: a hash function is a mathematical function that converts a numerical input value into another, compressed numerical value
The input to the function can vary in length, but the output is always of fixed length
Returned values are called hash values or message digests
Key characteristics of Hash functions
Must be hard to retrieve the original text from the hash value
Must be hard to find two different inputs of any length that result in the same hash. In other words, for a hash function h, it is hard to find any two different inputs x and y such that h(x) = h(y)
General design of hashing algorithms
The function operates on two fixed-size blocks
Block size varies depending on the algorithm, from 128 bits to 512 bits
A hashing algorithm involves rounds of the above hash function, like a block cipher
Each round takes as input a fixed-size message block and the output of the last round
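Added example (not from the lecture slides): a toy Python hash that follows the iterated design described above, where a function takes two fixed-size inputs (the previous round's output and the next message block) and is applied round by round. The block size, state size, all-zero starting value, padding rule and the SHA-256-based compress() are assumptions chosen for illustration; this is not a real hashing algorithm.

```python
import hashlib
import struct

BLOCK_SIZE = 64          # bytes per message block (512 bits), assumed for this toy
STATE_SIZE = 16          # bytes of chaining value and digest (128 bits), assumed
IV = bytes(STATE_SIZE)   # fixed all-zero starting value (constructed)


def compress(state: bytes, block: bytes) -> bytes:
    """Toy round function: two fixed-size inputs in, one fixed-size output.

    Built from truncated SHA-256 purely for illustration (an assumption).
    """
    assert len(state) == STATE_SIZE and len(block) == BLOCK_SIZE
    return hashlib.sha256(state + block).digest()[:STATE_SIZE]


def pad(message: bytes) -> bytes:
    """Append 0x80, zero bytes, then the 8-byte message length in bits,
    so the result is a whole number of blocks."""
    bit_len = struct.pack(">Q", len(message) * 8)
    padded = message + b"\x80"
    padded += bytes(-(len(padded) + 8) % BLOCK_SIZE)
    return padded + bit_len


def toy_hash(message: bytes) -> bytes:
    """Each round takes one message block and the previous round's output."""
    state = IV
    padded = pad(message)
    for i in range(0, len(padded), BLOCK_SIZE):
        state = compress(state, padded[i:i + BLOCK_SIZE])
    return state


def rounds_needed(message: bytes) -> int:
    """Number of rounds (blocks) used for a given message."""
    return len(pad(message)) // BLOCK_SIZE


if __name__ == "__main__":
    # Constructed sample inputs of different lengths: digest length never changes.
    for msg in (b"", b"4,5,13", b"A" * 200):
        print(len(msg), rounds_needed(msg), toy_hash(msg).hex())
```

Inputs of 0, 6 and 200 bytes need different numbers of rounds, but every digest has the same length, which is the variable-length-in, fixed-length-out property stated earlier.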
Popular Hash functions
Message Digest (MD)
MD2, MD4, MD5 and MD6
128-bit hash function
MD5 most popular, widely used hash function
In 2004 collisions were found in MD5
Analytical attack reported
MD5 is compromised and not recommended anymore
Secure Hash Function (SHA)
Four SHA algorithms: SHA-0, SHA-1, SHA-2, and SHA-3
SHA-0: 160-bit, released in 93 by NIST
SHA-1: most popular and widely used, employed in protocols including SSL (Secure Socket Layer); in 2005 a method was found for uncovering collisions for SHA-1
SHA-2: SHA-224, SHA-256, SHA-384 and SHA-512; no successful attack on SHA-2 variants; the weakness of SHA-2 is that it follows the design principle of SHA-1
SHA-3: 2012, Keccak algorithm, offers efficient performance and stronger resistance to attacks
RIPEMD
RACE Integrity Primitives Evaluation Message Digest – known as European family of Hash functions
RIPEMD-128, RIPEMD-160, 256 and 320
Based on MD4 design principles, provide questionable security
Whirlpool
512-bit hash function
Whirlpool-0 and Whirlpool-T
Derived from AES
Applications of Hashing