hashing (message digest)gauss.ececs.uc.edu/courses/c653/lectures/pdf/hash.pdf · hashing message...
TRANSCRIPT
![Page 1: Hashing (Message Digest)gauss.ececs.uc.edu/Courses/c653/lectures/PDF/hash.pdf · Hashing Message Integrity Try same as authentication except concatenate the message with the secret](https://reader036.vdocument.in/reader036/viewer/2022071218/604eaf4179d85a2d177a15e8/html5/thumbnails/1.jpg)
Hashing (Message Digest)
![Page 2: Hashing (Message Digest)gauss.ececs.uc.edu/Courses/c653/lectures/PDF/hash.pdf · Hashing Message Integrity Try same as authentication except concatenate the message with the secret](https://reader036.vdocument.in/reader036/viewer/2022071218/604eaf4179d85a2d177a15e8/html5/thumbnails/2.jpg)
.
.
.
.
.
..
.
.
.
.
.
Hashing (Message Digest)
![Page 3: Hashing (Message Digest)gauss.ececs.uc.edu/Courses/c653/lectures/PDF/hash.pdf · Hashing Message Integrity Try same as authentication except concatenate the message with the secret](https://reader036.vdocument.in/reader036/viewer/2022071218/604eaf4179d85a2d177a15e8/html5/thumbnails/3.jpg)
.
.
.
.
.
..
.
.
.
.
.
Hello There
Hashing (Message Digest)
![Page 4: Hashing (Message Digest)gauss.ececs.uc.edu/Courses/c653/lectures/PDF/hash.pdf · Hashing Message Integrity Try same as authentication except concatenate the message with the secret](https://reader036.vdocument.in/reader036/viewer/2022071218/604eaf4179d85a2d177a15e8/html5/thumbnails/4.jpg)
.
.
.
.
.
..
.
.
.
.
.What not
Hashing (Message Digest)
![Page 5: Hashing (Message Digest)gauss.ececs.uc.edu/Courses/c653/lectures/PDF/hash.pdf · Hashing Message Integrity Try same as authentication except concatenate the message with the secret](https://reader036.vdocument.in/reader036/viewer/2022071218/604eaf4179d85a2d177a15e8/html5/thumbnails/5.jpg)
Hash Function – One wayNeeded properties for cryptographically secure hash:
1. Computationally infeasible to find the message that has given the hash
2. Should be highly improbable for two messages to hash to the same number (and to find two messages with the same hash).
Message substitution computationally feasible otherwise
![Page 6: Hashing (Message Digest)gauss.ececs.uc.edu/Courses/c653/lectures/PDF/hash.pdf · Hashing Message Integrity Try same as authentication except concatenate the message with the secret](https://reader036.vdocument.in/reader036/viewer/2022071218/604eaf4179d85a2d177a15e8/html5/thumbnails/6.jpg)
Hash Function – One wayWhy worry about two messages with same hashes? Application: integrity check, message substitution is possible
Example: possible to find two different messages that have opposite meanings. AA gets assigned to write an email firing employee that AA likes. Email will have hash integrity check. It will be checked by boss and then signed before being sent.
I am writing {this memo} to {demand | request | inform you} that {Fred | Mr. Jones} {must} be {fired | terminated} {at once | immediately}. As the {July 11 | 11 July} {memo | memorandum} {from | issued by} {personnel | HR | Human Relations} states, to meet {our | the corporate} {quarterly | third quarter} budget {target | goal}, {we must..
I am writing {this letter | this memo | this memorandum | } to {officially} commend {Fred | Mr. Jones} for this {courage and independent thinking | independent thinking and courage}. {He | Fred | Mr. Jones} {clearly | } understands {the need | how} to get {the | his} job {done | accomplished} {at all costs | by whatever means necessary}, and {knows ...
![Page 7: Hashing (Message Digest)gauss.ececs.uc.edu/Courses/c653/lectures/PDF/hash.pdf · Hashing Message Integrity Try same as authentication except concatenate the message with the secret](https://reader036.vdocument.in/reader036/viewer/2022071218/604eaf4179d85a2d177a15e8/html5/thumbnails/7.jpg)
Hash Function – One way
Appearance to a cracker:
1. Looking at output, any bit should be 1 about ½ the time 0010111...1...001110
2. Each output should have about ½ of its bits set to 1
3. Any two outputs should be uncorrelated no matter how similar the inputs are
![Page 8: Hashing (Message Digest)gauss.ececs.uc.edu/Courses/c653/lectures/PDF/hash.pdf · Hashing Message Integrity Try same as authentication except concatenate the message with the secret](https://reader036.vdocument.in/reader036/viewer/2022071218/604eaf4179d85a2d177a15e8/html5/thumbnails/8.jpg)
Hash Function – One way
Birthday Problem: Assume a hash function H that pretty much randomly maps an integer input to an integer output. Suppose the number of output values for H is k. Pick n input integers randomly. How large should n be so that the probability that at least one pair of input integers map to the same output is 1/2?
Answer: Pr(some pair of inputs map to the same number) > ½ if
n > √ 2k
For k=365 days, n = 27
![Page 9: Hashing (Message Digest)gauss.ececs.uc.edu/Courses/c653/lectures/PDF/hash.pdf · Hashing Message Integrity Try same as authentication except concatenate the message with the secret](https://reader036.vdocument.in/reader036/viewer/2022071218/604eaf4179d85a2d177a15e8/html5/thumbnails/9.jpg)
Hash Function – One way
Birthday Problem: Assume a hash function H that pretty much randomly maps an integer input to an integer output. Suppose the number of output values for H is k. Pick n input integers randomly. How large should n be so that the probability that at least one pair of input integers map to the same output is 1/2?
Answer: Pr(some pair of inputs map to the same number) > ½ if
n > √ 2k
For k=365 days, n = 27
SHA: 160 bits output hence 280 numbers will likely produce a pair that has a collision
![Page 10: Hashing (Message Digest)gauss.ececs.uc.edu/Courses/c653/lectures/PDF/hash.pdf · Hashing Message Integrity Try same as authentication except concatenate the message with the secret](https://reader036.vdocument.in/reader036/viewer/2022071218/604eaf4179d85a2d177a15e8/html5/thumbnails/10.jpg)
Hashing (Message Digest)
.
.
.
.
.
..
.
.
.
.
.
Secret
The little brown fox jumped over the lazy dog's back
![Page 11: Hashing (Message Digest)gauss.ececs.uc.edu/Courses/c653/lectures/PDF/hash.pdf · Hashing Message Integrity Try same as authentication except concatenate the message with the secret](https://reader036.vdocument.in/reader036/viewer/2022071218/604eaf4179d85a2d177a15e8/html5/thumbnails/11.jpg)
Hashing (Message Digest)
.
.
.
.
.
..
.
.
.
.
.
The little brown fox jumped over the lazy dog's back
![Page 12: Hashing (Message Digest)gauss.ececs.uc.edu/Courses/c653/lectures/PDF/hash.pdf · Hashing Message Integrity Try same as authentication except concatenate the message with the secret](https://reader036.vdocument.in/reader036/viewer/2022071218/604eaf4179d85a2d177a15e8/html5/thumbnails/12.jpg)
Hashing (Message Digest)
.
.
.
.
.
..
.
.
.
.
.
The little brown fox jumped over the lazy dog's back
![Page 13: Hashing (Message Digest)gauss.ececs.uc.edu/Courses/c653/lectures/PDF/hash.pdf · Hashing Message Integrity Try same as authentication except concatenate the message with the secret](https://reader036.vdocument.in/reader036/viewer/2022071218/604eaf4179d85a2d177a15e8/html5/thumbnails/13.jpg)
Hashing (Message Digest)
.
.
.
.
.
..
.
.
.
.
.
The little brown fox jumped over the lazy dog's back
![Page 14: Hashing (Message Digest)gauss.ececs.uc.edu/Courses/c653/lectures/PDF/hash.pdf · Hashing Message Integrity Try same as authentication except concatenate the message with the secret](https://reader036.vdocument.in/reader036/viewer/2022071218/604eaf4179d85a2d177a15e8/html5/thumbnails/14.jpg)
Hashing (Message Digest)
.
.
.
.
.
..
.
.
.
.
.
The little brown fox jumped over the lazy dog's back
![Page 15: Hashing (Message Digest)gauss.ececs.uc.edu/Courses/c653/lectures/PDF/hash.pdf · Hashing Message Integrity Try same as authentication except concatenate the message with the secret](https://reader036.vdocument.in/reader036/viewer/2022071218/604eaf4179d85a2d177a15e8/html5/thumbnails/15.jpg)
Hashing (Message Digest)
.
.
.
.
.
..
.
.
.
.
.
The little brown fox jumped over the lazy dog's back
![Page 16: Hashing (Message Digest)gauss.ececs.uc.edu/Courses/c653/lectures/PDF/hash.pdf · Hashing Message Integrity Try same as authentication except concatenate the message with the secret](https://reader036.vdocument.in/reader036/viewer/2022071218/604eaf4179d85a2d177a15e8/html5/thumbnails/16.jpg)
Hashing (Message Digest)
.
.
.
.
.
..
.
.
.
.
.
The little brown fox jumped over the lazy dog's back
Output
![Page 17: Hashing (Message Digest)gauss.ececs.uc.edu/Courses/c653/lectures/PDF/hash.pdf · Hashing Message Integrity Try same as authentication except concatenate the message with the secret](https://reader036.vdocument.in/reader036/viewer/2022071218/604eaf4179d85a2d177a15e8/html5/thumbnails/17.jpg)
Hashing (Message Digest)
Java: class SecureRandom – produces a cryptographically secure random number class MessageDigest – produces a hash of a number of bytes depending on the algorithm used (SHA, MD5, etc.)
Cryptographically secure random number: 1. Given the first k bits of a CSPRN there is no efficient algorithm that will predict with probability better than 1/2 what the next bit will be 2. If information about a state of the computation is revealed at some point, it should be infeasible to produce the output bits that has been produced up to that point. If someone indexes into a published random sequence of bits – this point is violated.
![Page 18: Hashing (Message Digest)gauss.ececs.uc.edu/Courses/c653/lectures/PDF/hash.pdf · Hashing Message Integrity Try same as authentication except concatenate the message with the secret](https://reader036.vdocument.in/reader036/viewer/2022071218/604eaf4179d85a2d177a15e8/html5/thumbnails/18.jpg)
Hashing Authentication
.
.
.
.
.
..
.
.
.
.
.
.
.
.
.
.
..
.
.
.
.
.
S S
Client Server
![Page 19: Hashing (Message Digest)gauss.ececs.uc.edu/Courses/c653/lectures/PDF/hash.pdf · Hashing Message Integrity Try same as authentication except concatenate the message with the secret](https://reader036.vdocument.in/reader036/viewer/2022071218/604eaf4179d85a2d177a15e8/html5/thumbnails/19.jpg)
Hashing Authentication
.
.
.
.
.
..
.
.
.
.
.
.
.
.
.
.
..
.
.
.
.
.
S S
Client
Challenge R
Server
![Page 20: Hashing (Message Digest)gauss.ececs.uc.edu/Courses/c653/lectures/PDF/hash.pdf · Hashing Message Integrity Try same as authentication except concatenate the message with the secret](https://reader036.vdocument.in/reader036/viewer/2022071218/604eaf4179d85a2d177a15e8/html5/thumbnails/20.jpg)
Hashing Authentication
.
.
.
.
.
..
.
.
.
.
.
.
.
.
.
.
..
.
.
.
.
.
S S
Client
Hash(S | R)
Server
![Page 21: Hashing (Message Digest)gauss.ececs.uc.edu/Courses/c653/lectures/PDF/hash.pdf · Hashing Message Integrity Try same as authentication except concatenate the message with the secret](https://reader036.vdocument.in/reader036/viewer/2022071218/604eaf4179d85a2d177a15e8/html5/thumbnails/21.jpg)
Hashing Authentication
.
.
.
.
.
..
.
.
.
.
.
.
.
.
.
.
..
.
.
.
.
.
S S
ClientCheck Hash(S | R)?
Server
![Page 22: Hashing (Message Digest)gauss.ececs.uc.edu/Courses/c653/lectures/PDF/hash.pdf · Hashing Message Integrity Try same as authentication except concatenate the message with the secret](https://reader036.vdocument.in/reader036/viewer/2022071218/604eaf4179d85a2d177a15e8/html5/thumbnails/22.jpg)
Hashing Authentication
.
.
.
.
.
..
.
.
.
.
.
.
.
.
.
.
..
.
.
.
.
.
S S
Client
Challenge P
Server
![Page 23: Hashing (Message Digest)gauss.ececs.uc.edu/Courses/c653/lectures/PDF/hash.pdf · Hashing Message Integrity Try same as authentication except concatenate the message with the secret](https://reader036.vdocument.in/reader036/viewer/2022071218/604eaf4179d85a2d177a15e8/html5/thumbnails/23.jpg)
Hashing Authentication
.
.
.
.
.
..
.
.
.
.
.
.
.
.
.
.
..
.
.
.
.
.
S S
Client
Hash(S | P)
Server
![Page 24: Hashing (Message Digest)gauss.ececs.uc.edu/Courses/c653/lectures/PDF/hash.pdf · Hashing Message Integrity Try same as authentication except concatenate the message with the secret](https://reader036.vdocument.in/reader036/viewer/2022071218/604eaf4179d85a2d177a15e8/html5/thumbnails/24.jpg)
Hashing Authentication
.
.
.
.
.
..
.
.
.
.
.
.
.
.
.
.
..
.
.
.
.
.
S S
Client
Check Hash(S | P)?
Server
![Page 25: Hashing (Message Digest)gauss.ececs.uc.edu/Courses/c653/lectures/PDF/hash.pdf · Hashing Message Integrity Try same as authentication except concatenate the message with the secret](https://reader036.vdocument.in/reader036/viewer/2022071218/604eaf4179d85a2d177a15e8/html5/thumbnails/25.jpg)
Hashing Message IntegrityTry same as authentication except concatenate the message with the secretand pad (send Hash(S | M)).
![Page 26: Hashing (Message Digest)gauss.ececs.uc.edu/Courses/c653/lectures/PDF/hash.pdf · Hashing Message Integrity Try same as authentication except concatenate the message with the secret](https://reader036.vdocument.in/reader036/viewer/2022071218/604eaf4179d85a2d177a15e8/html5/thumbnails/26.jpg)
Hashing Message IntegrityTry same as authentication except concatenate the message with the secretand pad (send Hash(S | M)). Unfortunately, attacker can append a message since s/he knows Hash(S | M) and the Hash algorithm.
![Page 27: Hashing (Message Digest)gauss.ececs.uc.edu/Courses/c653/lectures/PDF/hash.pdf · Hashing Message Integrity Try same as authentication except concatenate the message with the secret](https://reader036.vdocument.in/reader036/viewer/2022071218/604eaf4179d85a2d177a15e8/html5/thumbnails/27.jpg)
Hashing Message IntegrityTry same as authentication except concatenate the message with the secretand pad (send Hash(S | M)). Unfortunately, attacker can append a message since s/he knows Hash(S | M) and the Hash algorithm.
Try Hash(M | S). But then if the digest for two messages is the same, theMAC for both messages is the same – doesn't smell right.
![Page 28: Hashing (Message Digest)gauss.ececs.uc.edu/Courses/c653/lectures/PDF/hash.pdf · Hashing Message Integrity Try same as authentication except concatenate the message with the secret](https://reader036.vdocument.in/reader036/viewer/2022071218/604eaf4179d85a2d177a15e8/html5/thumbnails/28.jpg)
Hashing Message IntegrityTry same as authentication except concatenate the message with the secretand pad (send Hash(S | M)). Unfortunately, attacker can append a message since s/he knows Hash(S | M) and the Hash algorithm.
Try Hash(M | S). But then if the digest for two messages is the same, theMAC for both messages is the same – doesn't smell right.
Try using only ½ of the bits of the digest – then attacker cannot appenda message so easily – but the digest should be longer to compensate.
![Page 29: Hashing (Message Digest)gauss.ececs.uc.edu/Courses/c653/lectures/PDF/hash.pdf · Hashing Message Integrity Try same as authentication except concatenate the message with the secret](https://reader036.vdocument.in/reader036/viewer/2022071218/604eaf4179d85a2d177a15e8/html5/thumbnails/29.jpg)
Hashing Message IntegrityTry same as authentication except concatenate the message with the secretand pad (send Hash(S | M)). Unfortunately, attacker can append a message since s/he knows Hash(S | M) and the Hash algorithm.
Try Hash(M | S). But then if the digest for two messages is the same, theMAC for both messages is the same – doesn't smell right.
Try using only ½ of the bits of the digest – then attacker cannot appenda message so easily – but the digest should be longer to compensate.
Try Hash(S | M | S).
![Page 30: Hashing (Message Digest)gauss.ececs.uc.edu/Courses/c653/lectures/PDF/hash.pdf · Hashing Message Integrity Try same as authentication except concatenate the message with the secret](https://reader036.vdocument.in/reader036/viewer/2022071218/604eaf4179d85a2d177a15e8/html5/thumbnails/30.jpg)
Hashing Message IntegrityTry same as authentication except concatenate the message with the secretand pad (send Hash(S | M)). Unfortunately, attacker can append a message since s/he knows Hash(S | M) and the Hash algorithm.
Try Hash(M | S). But then if the digest for two messages is the same, theMAC for both messages is the same – doesn't smell right.
Try using only ½ of the bits of the digest – then attacker cannot appenda message so easily – but the digest should be longer to compensate.
Try Hash(S | M | S).
HMAC, the winner: 1. Concatenate secret to front of message 2. Take the hash 3. Concatenate the secret to the front of the hash 4. Take the hash : Hash(S1 | Hash(S2 | M)) where S1 and S2 are derived from S
![Page 31: Hashing (Message Digest)gauss.ececs.uc.edu/Courses/c653/lectures/PDF/hash.pdf · Hashing Message Integrity Try same as authentication except concatenate the message with the secret](https://reader036.vdocument.in/reader036/viewer/2022071218/604eaf4179d85a2d177a15e8/html5/thumbnails/31.jpg)
Hashing Message IntegrityHMAC, the winner: 1. Concatenate secret to front of message 2. Take the hash 3. Concatenate the secret to the front of the hash 4. Take the hash : Hash(S1 | Hash(S2 | M))
S1 = S ⊕ constant1, S2 = S ⊕ constant2
Reason: It has been shown that HMAC has the following properties: 1. It is infeasible to find two inputs that yield the same output 2. An attacker that does not know S cannot compute the proper digest involving S and M even if the attacker knows the digest involving S and Mi for any Mi such that Mi is not the same as M
Provided: the underlying hash function is secure (has the same properties)
![Page 32: Hashing (Message Digest)gauss.ececs.uc.edu/Courses/c653/lectures/PDF/hash.pdf · Hashing Message Integrity Try same as authentication except concatenate the message with the secret](https://reader036.vdocument.in/reader036/viewer/2022071218/604eaf4179d85a2d177a15e8/html5/thumbnails/32.jpg)
Hashing Encryption
.
.
.
.
.
..
.
.
.
.
.
Secret
The little brown fox jumped over the lazy dog's back
Initialization Vector
To receiver
⊕
![Page 33: Hashing (Message Digest)gauss.ececs.uc.edu/Courses/c653/lectures/PDF/hash.pdf · Hashing Message Integrity Try same as authentication except concatenate the message with the secret](https://reader036.vdocument.in/reader036/viewer/2022071218/604eaf4179d85a2d177a15e8/html5/thumbnails/33.jpg)
Hashing Encryption
.
.
.
.
.
..
.
.
.
.
.
Secret
The little brown fox jumped over the lazy dog's back
⊕
![Page 34: Hashing (Message Digest)gauss.ececs.uc.edu/Courses/c653/lectures/PDF/hash.pdf · Hashing Message Integrity Try same as authentication except concatenate the message with the secret](https://reader036.vdocument.in/reader036/viewer/2022071218/604eaf4179d85a2d177a15e8/html5/thumbnails/34.jpg)
Hashing Encryption
.
.
.
.
.
..
.
.
.
.
.
Secret
The little brown fox jumped over the lazy dog's back
To receiver
⊕
![Page 35: Hashing (Message Digest)gauss.ececs.uc.edu/Courses/c653/lectures/PDF/hash.pdf · Hashing Message Integrity Try same as authentication except concatenate the message with the secret](https://reader036.vdocument.in/reader036/viewer/2022071218/604eaf4179d85a2d177a15e8/html5/thumbnails/35.jpg)
Hashing Encryption
.
.
.
.
.
..
.
.
.
.
.
Secret
The little brown fox jumped over the lazy dog's back
⊕
![Page 36: Hashing (Message Digest)gauss.ececs.uc.edu/Courses/c653/lectures/PDF/hash.pdf · Hashing Message Integrity Try same as authentication except concatenate the message with the secret](https://reader036.vdocument.in/reader036/viewer/2022071218/604eaf4179d85a2d177a15e8/html5/thumbnails/36.jpg)
Hashing Encryption
.
.
.
.
.
..
.
.
.
.
.
Secret
The little brown fox jumped over the lazy dog's back
⊕
To receiver