Hash Algorithm
Yuan Xue
Fall 2013
Limitations
CBC-based MAC generation still involves high computation overhead
fingerprint
Password storage (one-way encryption)
Digital signature
Authentication
Authentication, digital signature
Authentication, confidentiality
MAC
HMAC(K,M) = H[(K⁺ ⊕ opad) || H[(K⁺ ⊕ ipad) || M]]
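The HMAC construction above, computed step by step and cross-checked against Python's standard hmac module. This is an added example, not part of the original slides. It assumes the usual HMAC conventions: K+ is the key zero-padded to the hash block size, ipad and opad are the bytes 0x36 and 0x5C repeated over one block, and the function names and sample inputs are constructed for illustration.

```python
# Added example (not from the lecture): HMAC built from the slide's formula.
import hashlib
import hmac

IPAD_BYTE = 0x36  # inner pad byte, repeated to the hash block size
OPAD_BYTE = 0x5C  # outer pad byte, repeated to the hash block size


def hmac_from_formula(key: bytes, message: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC(K, M) = H[(K+ xor opad) || H[(K+ xor ipad) || M]]."""
    block_size = hashlib.new(hash_name).block_size  # 64 bytes for MD5/SHA-1/SHA-256

    # Edge case: a key longer than one block is hashed first.
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()

    # K+ is the key right-padded with zero bytes to exactly one block.
    k_plus = key.ljust(block_size, b"\x00")

    inner_key = bytes(b ^ IPAD_BYTE for b in k_plus)
    outer_key = bytes(b ^ OPAD_BYTE for b in k_plus)

    inner_digest = hashlib.new(hash_name, inner_key + message).digest()
    return hashlib.new(hash_name, outer_key + inner_digest).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes, hash_name: str = "sha256") -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    expected = hmac_from_formula(key, message, hash_name)
    return hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    # Constructed sample inputs.
    key = b"shared-secret-key"
    msg = b"transfer 100 to account 42"
    tag = hmac_from_formula(key, msg)
    print("tag:", tag.hex())
    print("matches stdlib:", tag == hmac.new(key, msg, hashlib.sha256).digest())
    print("tampered message accepted:", verify_tag(key, msg + b"0", tag))
```

Unlike a CBC-based MAC, this needs only two passes of the hash function, and the key never enters the hash unmasked.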
MD5
Message-Digest algorithm 5
By Ronald Rivest in 1991 based on MD4
Digest length: 128-bit
Weak collision resistance
Vulnerable to collision attack (no strong collision resistance)
SHA hash functions (all by NSA)
SHA-0 in 1993; 160-bit hash value
SHA-1 in 1995; 160-bit hash value
widely used, once considered as the successor to MD5
SHA-2
SHA-224, SHA-256, SHA-384, SHA-512
Digest length (based on name)
SHA-0 and SHA-1 are vulnerable to collision attacks
Recent result on SHA-1: collision attack on SHA-1 that would allow an attacker to select at least parts of the message.
@Yuan Xue (yuan.xue@vanderbilt.edu) CS 285 Network Security
Hash Algorithm Design
Iterative use of compression function
Compression function
Specifically designed for the hash function
Based on symmetric block cipher
1. Append padding bits (to 448 mod 512)
3. Initialize MD buffer
Word A = 01 23 45 67
Word B = 89 AB CD EF
Word C = FE DC BA 98
Word D = 76 54 32 10
Hash Algorithm Design – MD5
16 steps
Single step
Length-extension attacks
given h(m) and len(m) but not m, by choosing a suitable
Birthday problem
(http://en.wikipedia.org/wiki/Birthday_problem)
For an h-bit hash value, the brute-force attack complexity is 2^(h/2).
functions are MD5 and SHA-1. However, MD5 has been broken; an
attack against it was used to break SSL in 2008. In February 2005, a
successful attack on SHA-1 was reported, finding collisions in about
2^69 hashing operations, rather than the 2^80 expected for a 160-bit
hash function. In August 2005, another successful attack on SHA-1
was reported, finding collisions in 2^63 operations.
Readings
Required Reading
[WS] 11.1-11.5
[KPS] 5.5
http://en.wikipedia.org/wiki/MD5
http://en.wikipedia.org/wiki/Birthday_attack
Recommended Reading
[WS] 11.6
[KPS] 5.1-5.2