Information Security Notes 3 - Hash function

A hash function, also known as a message digest, is generally used for verification.

Well-known hashes: MD5, SHA-1, SHA-256

Hash is discussed in Data Structure


MD construction || Length extension attacks

Two conditions for Length extension attacks:

  • When the data being hashed is shorter than 64 bytes, it is filled out automatically (padding).
  • The plaintext is processed in blocks of this fixed length, and the result of the previous block is used as the initial vector (IV) for the next block.

MD5, SHA-1 and SHA-2 all use the MD construction.
SHA-3 does not.
The most effective way to prevent hash collisions is to increase the number of bits in the hash value.

Attacks on (Ideal) Hash functions

  • Brute-force: to break an n-bit hash, we need to perform 2^(n-1) operations.
  • Second pre-image: given a fixed message, find another message whose hash value is the same; requires 2^(n-1) operations.
  • Birthday attack: obtaining any two messages that have the same hash value requires only 2^(n/2) operations! Birthday Attacker is Maths

Hash Chain

Can be used in applications that require only one-way authentication, e.g. a security token.
How it works: hash the output of another hash, repeatedly.
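
Added example (not part of the original notes): a one-time-password scheme built on a hash chain, showing why the verifier only needs to store the last accepted value. SHA-256 and the names chain_value, Token and Verifier are assumptions chosen for illustration.

```python
import hashlib
import hmac


def h(data: bytes) -> bytes:
    """One link of the chain: SHA-256 of the previous value."""
    return hashlib.sha256(data).digest()


def chain_value(seed: bytes, times: int) -> bytes:
    """Apply h to the seed `times` times: h(h(...h(seed)))."""
    value = seed
    for _ in range(times):
        value = h(value)
    return value


class Token:
    """Client side: keeps the secret seed and releases values in reverse order."""

    def __init__(self, seed: bytes, length: int):
        self.seed, self.remaining = seed, length

    def next_password(self) -> bytes:
        if self.remaining == 0:
            raise RuntimeError("chain exhausted, enrol a new seed")
        self.remaining -= 1
        return chain_value(self.seed, self.remaining)


class Verifier:
    """Server side: stores only the last accepted value, never the seed."""

    def __init__(self, anchor: bytes):
        self.current = anchor  # h^n(seed), safe to store

    def verify(self, candidate: bytes) -> bool:
        # Valid only if hashing the candidate once gives the stored value.
        if hmac.compare_digest(h(candidate), self.current):
            self.current = candidate  # move down the chain; old value is now useless
            return True
        return False


def demo() -> list:
    seed = b"constructed-demo-seed"  # constructed sample value
    token, server = Token(seed, 3), Verifier(chain_value(seed, 3))
    first = token.next_password()
    return [server.verify(first), server.verify(first),  # accept, then reject the replay
            server.verify(token.next_password()), server.verify(b"guess")]
```

Because the hash is one-way, someone who reads the verifier's stored value or observes a used password cannot compute the next password, which is the previous value in the chain.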

Hash list

Verifying the top hash can assert the correctness of the data.
When data is transferred, we cut the file into small pieces. Each data packet has a hash value. We put all the hash values together to form a top hash, then check the top hash.

Hash Tree(Merkle Tree)

The hashes are arranged like a tree, and the data is verified by checking the root hash.
Usage: git, p2p system, Bitcoin

Message Authentication Code (MAC)

MAC is a small bit of information that can be used to check the authenticity and the integrity of a message.

  • Authenticity: from the designated person
  • Integrity: unmodified

Requirements of MAC

  • Computable: very fast
  • Unforgeable: cannot be forged by attacker
  • One-wayness: Message cannot be recovered from MAC

Limitation of MAC

MAC requires a key to verify (symmetric).

Digital Signature

  • Asymmetric key version of MAC
  • SSL?
  • Anyone who has the public key can verify that the document was signed by the signer

Examples of Digital Signatures

  • RSA-PSS
  • DSA
  • ECDSA => shortest, fastest and more secure

Comparing MAC and Digital Signature

  • MAC is not publicly verifiable
  • MAC is faster, because it requires only a hash operation
Author

Elliot

Posted on

2021-02-15

Updated on

2023-05-07