Presentation is loading. Please wait.

Presentation is loading. Please wait.

One-Way Hash Functions

Published byÉ Μαυρίδης Modified over 5 years ago

Similar presentations

Presentation on theme: "One-Way Hash Functions"— Presentation transcript:

1 One-Way Hash Functions

2 Overview of One-way Hash Functions
Essential building block in cryptography One-way and collision resistant properties Usage example: Password authentication Integrity preservation Blockchain Possible Attacks: Length extension attack Collision attack

3 Properties of One-way Hash Function
Difference from Hash Function Hash function: maps arbitrary size data to data of fixed size Example: f(x) = x mod 1000 One-way Hash Properties: One-way: hash(m) = h, difficult to find m Collision resistant: Difficult to find m1 and m2 s.t. hash(m1) = hash(m2) Common One-way Hash Functions: MD series SHA series

4 MD One-Way Hash Functions
MD stands for Message Digest Developed by Ron Rivest Includes MD2, MD4, MD5,and MD6 Status of Algorithms: MD2, MD4 - severely broken (obsolete) MD5 - collision resistance property broken, one-way property not broken MD6 - developed in response to proposal by NIST

5 SHA Published by NIST Includes SHA-0, SHA-1, SHA-2, and SHA-3
Status of Algorithms: SHA-0: withdrawn due to flaw SHA-1: Designed by NSA; Collision attack found in 2017 SHA-2: Designed by NSA; Includes SHA-256 and SHA-512; Other truncated versions; No significant attack found yet SHA-3: Released in 2015; Has different construction structure (compared to SHA-1 and SHA-2)

6 How One-Way Hash Algorithm Works
Construction method called Merkle–Damgard (Figure) Used by algorithms like MD5, SHA-1, and SHA-2

7 One-Way Hash Commands Linux utility programs
Example: md5sum, sha224sum, sha256sum, sha384sum and sha512sum

8 One-Way Hash Commands (Contd.)
Using openssl command to calculate hash

9 Computing One-Way Hash in Programs
Different languages including C/C++, Python, SQL, PHP provide support Language specific: MySQL - SHA2 function Python - Use hashlib package C - Use functions from openssl/sha.h header

10 Applications of One-Way Hash Functions
We will cover: Integrity Verification Committing a Secret Without Telling It Password Verification Trusted Timestamping

11 Integrity Verification
Changing one bit of the original data changes hash value Usage examples: Detect change in system files Detect if file downloaded from website is corrupted

12 Committing a Secret Without Telling It
One-way property Disclosing the hash does not disclose the original message Useful to commit secret without disclosing the secret itself Usage Example - Stock Market Need to make prediction about the stock market about a certain day Publish the hash of the secret on your website On the particular day, release the secret Your audience can verify it against the hash

13 Password Verification
To login into account, user needs to tell a secret (password) Cannot store the secrets in their plaintext Need for: Password storage where nobody can know what the password is If provided with a password, it verified against the stored password Solution: one-way hash function Example: Linux stores passwords in the /etc/shadow file

14 Case Study: Linux Shadow File
Password field has 3 parts: algorithm used, salt, password hash Salt and password hash are encoded into printable characters Multiple rounds of hash function (slow down brute-force attack)

15 Purpose of Salt Using salt, same input can result in different hashes
Password hash = one-way hash rounds (password || random string) Random string is the salt

16 Attacks Prevented by Salt
Dictionary Attack Put candidate words in a dictionary Try each against the targeted password hash to find a match Rainbow Table Attack Precomputed table for reversing cryptographic hash functions Why Salt Prevents them ? If target password is same as precomputed data, the hash will be the same If this property does not hold, all the precomputed data are useless Salt destroys that property

17 Trusted Timestamping Need: How to prove that a document existed prior to certain date ? Timestamping Approaches: Approach # 1: Publish one-way hash (instead of document) in a newspaper or a magazine Approach # 2: Time Stamping Authority (TSA) can sign the document hash using private key Approach # 3: Use Blockchain i.e. a growing list of record (blocks) Publish document hash in a block Blockchain depends on one-way hash

18 Message Authentication Code (MAC)
Network communication can encounter MITM attacks MITM can intercept and modify data Receiver needs to verify integrity of data Attach tag to data Using one-way hash as tag won’t work because MITM can recompute hash Use a shared secret (key) between sender and receiver in the hash MITM cannot compute hash without secret key

19 Length Extension Attack on MAC
Key and message need to be mixed properly before computing hash Simple concatenation (K || M) does not work

20 Keyed-Hash MAC (HMAC) Uses hash function H (compression function block size B) and a secret key K ipad = 0x36 (B times), opad = 0x5c (B times) Can be used with any one-way hash function

21 Blockchain and Bitcoins
Continuously growing list of records, called blocks Managed by ledgers in a peer-to-peer network Accepted ledger block is difficult to modify because it requires alteration of all subsequent blocks Popular application is Bitcoin We will cover: Hash Chain and Blockchain Make Chaining Difficult Adding Incentives and Bitcoin

22 Hash Chain Successive application of a one-way hash function to a piece of data If a block gets modified, it will fall off from the chain, and will not be considered as part of the chain If original data is changed, then the entire chain needs to be regenerated

23 Blockchain Similar to hash chain, but has additional information in each block Bitcoin example: information about bitcoin transactions in blocks Create Chain: Hash value of a block is inside the next block If one block is modified: All the chains after this block are broken Require need to re-chain all the subsequent blocks

24 Blockchain: Make Chaining Difficult
Nonce is added to each block Block hash must satisfy requirement (e.g. 20 leading zeros) Since computation power will increase over time, number of leading zeros is intentionally increased over time

25 Blockchain Incentives and Bitcoin
Provide bitcoins to anyone who can find nonce to chain blocks Companies / individuals who search for the nonce are “miners”

26 Hash Collision Attacks
Popular one-way hash functions have trouble maintaining the collision-resistance property We will cover: Security Impact of Collision Attacks Generating Two Different Files with the Same MD5 Hash Generating Two Programs with the Same MD5 Hash

27 Security Impact of Collision Attacks
Forging public-key certificates Assume two certificate requests for and have same hash due to collision CA signing of either request would be equivalent Attacker can get certificate signed for without owning it Integrity of Programs Ask CA to sign a legitimate program’s hash Attacker creates a malicious program with same hash The certificate for legitimate program is also valid for malicious version These two examples are theoretical with questionable feasibility

28 Generating Two Different Files with the Same MD5 Hash
md5collgen tool generates two files with same prefix

29 Length Extension Generate two files with same prefix and same suffix
Focus on MD5, SHA-1, SHA-2 using Merkle-Damgard construction If Hash (M) = Hash (N), then for any input T, Hash (M || T) = Hash (N || T)

30 Length Extension (Contd.)
Example using out1.bin and out2.bin generated by md5collgen

31 Generating Two Programs with the Same MD5 Hash
Create two versions of program below with different value for xyz

32 Two Programs with Same Hash (Contd.)
Program will be compiled into binary (fill xyz with fixed value) Portion of binary containing xyz will be divided into three parts

33 Two Programs with Same Hash (Contd.)
Use md5collgen on prefix: generate two files with same hash last 128 bit of each generated file is P and Q MD5 (prefix || P) = MD5 (prefix || Q) MD5 (prefix || P || suffix) = MD5 (prefix || Q || suffix)

34 Two Programs with Same Hash (Contd.)

35 Summary One-way hash function is an essential building block in cryptography Important Properties: One-way and Collision resistant Applications Password authentication Trusted Timestamping Blockchain and Bitcoin MAC used to preserve integrity of communication One-way hash are subject to length extension and collision attacks

Download ppt "One-Way Hash Functions"

Similar presentations

Lecture 5: Cryptographic Hashes

Lecture 5: Cryptographic Hashes
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Information Security Principles & Applications Topic 4: Message Authentication 虞慧群

Information Security Principles & Applications Topic 4: Message Authentication 虞慧群
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
1 Chapter 5 Hashes and Message Digests Instructor: 孫宏民 Room: EECS 6402, Tel:03-5742968, Fax : 886-3-572-3694.

1 Chapter 5 Hashes and Message Digests Instructor: 孫宏民 Room: EECS 6402, Tel: , Fax :
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.

Chapter 4  Hash Functions 1 Overview  Cryptographic hash functions are functions that: o Map an arbitrary-length (but finite) input to a fixed-size output.
Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown/Mod. & S. Kondakci.

Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown/Mod. & S. Kondakci.
CS526Topic 5: Hash Functions and Message Authentication 1 Computer Security CS 526 Topic 5 Cryptography: Cryptographic Hash Functions And Message Authentication.

CS526Topic 5: Hash Functions and Message Authentication 1 Computer Security CS 526 Topic 5 Cryptography: Cryptographic Hash Functions And Message Authentication.
Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.

Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.
CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.

CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.
CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS

CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Chapter 31 Network Security

Chapter 31 Network Security
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 21 “Public-Key Cryptography.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 21 “Public-Key Cryptography.
Acknowledgements: William Stallings.William Stallings All rights Reserved Session 4 Public Key Cryptography (Part 2) Network Security Essentials Application.

Acknowledgements: William Stallings.William Stallings All rights Reserved Session 4 Public Key Cryptography (Part 2) Network Security Essentials Application.
Hash Functions A hash function H accepts a variable-length block of data M as input and produces a fixed-size hash value h = H(M) Principal object is.

Hash Functions A hash function H accepts a variable-length block of data M as input and produces a fixed-size hash value h = H(M) Principal object is.
Hashing Algorithms: Basic Concepts and SHA-2 CSCI 5857: Encoding and Encryption.

Hashing Algorithms: Basic Concepts and SHA-2 CSCI 5857: Encoding and Encryption.

Similar presentations

Ads by Google