CryptographyandNetworkSecurity(VariousHashAlgorithm：密码学与网络安全(不同的散列算法ppt课件.pptxVIP

Cryptography and Network Security (Various Hash Algorithms) Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Changed by Somesh Jha) 1 Birthday Attacks • might think a 64-bit hash is secure • but by Birthday Paradox is not • birthday attack works thus: – opponent generates 2m/2 variations of a valid message all with essentially the same meaning – opponent also generates 2m/2 variations of a desired fraudulent message – two sets of messages are compared to find pair with same hash (probability 0.5 by birthday paradox) – have user sign the valid message, then substitute the forgery which will have a valid signature • conclusion is that need to use larger MACs 2 Hash Function Properties • a Hash Function produces a fingerprint of some file/message/data h = H(M) – condenses a variable-length message M – to a fixed-sized fingerprint • assumed to be public 3 Requirements for Hash Functions 1. can be applied to any sized message M 2. produces fixed-length output h 3. is easy to compute h=H(M) for any message M 4. given h is infeasible to find x s.t. H(x)=h • one-way property 5. given x is infeasible to find y s.t . H(y)=H(x) • weak collision resistance 6. is infeasible to find any x,y s.t . H(y)=H(x) • strong collision resistance 4 Block Ciphers as Hash Functions • can use block ciphers as hash functions – using H0=0 and zero-pad of final block – compute: Hi = EMi [Hi-1 ] – and use final block as the hash value – similar to CBC but without a key • resulting hash is too small (64-bit) – both due to direct birthday attack – and to “meet-in-the-middle” attack • other variants also susceptible to attack 5 Hash Algorithms • similarities in the evolution of hash functions block ciphers – increasing power of brute-force attacks – leading to evolution in algorithms – from DES to AES in block ciphers – from MD4 MD5 to SHA-1 RIPEMD-160 in hash algorithms • li