Scribd
Upload
5 views

Lesson 2 Hashing and Hashing Algorithms

The document provides an overview of secure hash functions, which are mathematical algorithms that convert data into fixed-size hash values, ensuring data integrity and security. It discusses their applications in authentication, data indexing, and detecting data corruption, as well as the properties that make them effective, such as preimage resistance and collision resistance. Additionally, it covers the evolution of hash algorithms, including SHA-1, SHA-2, and SHA-3, and emphasizes the importance of techniques like salting and peppering for password security against brute-force attacks.

Uploaded by

Yasin Ebrahimi
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
5 views

Lesson 2 Hashing and Hashing Algorithms

The document provides an overview of secure hash functions, which are mathematical algorithms that convert data into fixed-size hash values, ensuring data integrity and security. It discusses their applications in authentication, data indexing, and detecting data corruption, as well as the properties that make them effective, such as preimage resistance and collision resistance. Additionally, it covers the evolution of hash algorithms, including SHA-1, SHA-2, and SHA-3, and emphasizes the importance of techniques like salting and peppering for password security against brute-force attacks.

Uploaded by

Yasin Ebrahimi
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 30

1

March 2023
Secure Hash Function
Information Security

Secure Hash Functions

S. Hassan Adelyar, Ph.D


Instructor of Computer Science Faculty
Kabul University

March 2023
2
Hash Function March 2023
Secure Hash Function

◼ A mathematical algorithm that maps data of


arbitrary size (message) to a bit array of a fixed
Information Security

size (hash value, hash, or message digest).


◼ It is a one-way function (infeasible to invert or
reverse the computation).
◼ Ideally, the only way to find a message that
produces a given hash is to attempt a brute-
force search of possible inputs.
3
March 2023
Secure Hash Function

Hash FF03-0B467
Information Security

Hash function is a basic tool of D578-2A467


modern cryptography

Hash Function
Hash function: a basic tool of FB09-986F
modern cryptography

Hash function, a basic tool of A355-CD07


modern cryptography

Hash function - basic tool of


modern cryptography 5B73-0890

Note: A small change in the input drastically changes the output (digest).
4 Purpose of Hash Function
March 2023
Secure Hash Function
◼ Hash functions are used:
◼ For authentication (digital signature,
message authentication codes, fingerprint
Information Security

of a file).
◼ To index data in hash tables

◼ To detect duplicate data or uniquely identify


files
◼ As checksums to detect accidental data
corruption.
◼ Blockchain & BitCoin
5
March 2023
Secure Hash Function

◼ Here are two other examples of secure hash


function applications:
Information Security

◼ Passwords: A hash of a password is stored


by an operating system rather than the
password itself.
◼ Thus, the actual password is not
retrievable by a hacker who gains access to
the password file.
6
March 2023
Secure Hash Function

◼ In simple terms, when a user enters a


password, the hash of that password is
Information Security

compared to the stored hash value for


verification.
7
March 2023
Secure Hash Function

◼ Intrusion detection: Store the hash value


for a file, H(F), for each file on a system and
Information Security

secure the hash values.


◼ One can later determine if a file has been
modified by re-computing H(F).
◼ An intruder would need to change F without
changing H(F).
8 The Properties of Hash Functions
March 2023
Secure Hash Function

◼ To be useful for message authentication, a


hash function H must have the following
Information Security

properties:
◼ H can be applied to a block of data of any
size.
◼ H produces a fixed-length output.
9
March 2023
Secure Hash Function

◼ H(x) is relatively easy to compute for any


given x, making both hardware and
Information Security

software implementations practical.


◼ For any given code h, it is computationally
infeasible to find x such that H(x) = h.
◼ A hash function with this property is referred
to as one-way or preimage resistant.
◼ For any given block x, it is computationally
infeasible to find y ≠ x with H(y) = H(x).
10
March 2023
Secure Hash Function

◼ A hash function with this property is referred


to as second pre-image resistant. This is
Information Security

sometimes referred to as weak collision


resistant.
◼ It is computationally infeasible to find any
pair (x, y) such that H(x) = H(y).
◼ A hash function with this property is referred
to as collision resistant. This is sometimes
referred to as strong collision resistant.
11
March 2023
Secure Hash Function

◼ Security of Hash Functions


◼ As with symmetric encryption, there are two
Information Security

approaches to attacking a secure hash


function:
◼ Cryptanalysis

◼ Brute-force attack

◼ As with symmetric encryption algorithms,


cryptanalysis of a hash function involves
exploiting logical weaknesses in the algorithm.
12
March 2023
Secure Hash Function

◼ The strength of a hash function against brute-


force attacks depends solely on the length of
Information Security

the hash code produced by the algorithm.


◼ For a hash code of length n, the level of effort
required is proportional to the following:
13
March 2023
Secure Hash Function

◼ If collision resistance is required then the value


2n/2 determines the strength of the hash code
Information Security

against brute-force attacks.


◼ With a hash length of 160 bits, the same
search machine would require over four
thousand years to find a collision.
14
March 2023
Secure Hash Function

◼ Secure Hash Function Algorithms


◼ In recent years, the most widely used hash
Information Security

function has been the Secure Hash Algorithm


(SHA).
◼ SHA was developed by NIST and published as a
federal information processing standard in
1993.
◼ When weaknesses were discovered in SHA, a
revised version was issued in 1995 and is
generally referred to as SHA-1.
15
March 2023
Secure Hash Function

◼ SHA-1 produces a hash value of 160 bits.


◼ In 2002, NIST produced a revised version of the
Information Security

standard that defined three new versions of


SHA, with hash value lengths of 256, 384, and
512 bits, known as SHA-256, SHA-384, and
SHA-512.
◼ These new versions, collectively known as
SHA-2, have the same underlying structure and
use the same types of modular arithmetic and
logical binary operations as SHA-1.
16
March 2023
Secure Hash Function

◼ SHA-2, particularly the 512-bit version, would


appear to provide undisputable security.
Information Security

◼ However, because of the structural similarity of


SHA-2 to SHA-1, NIST decided to standardize a
new hash function that is very different from
SHA-2 and SHA-1.
◼ This new hash function, known as SHA-3, was
published in 2015 and is now available as an
alternative to SHA-2.
17
March 2023
Secure Hash Function
◼ Hash functions compute a fixed-length hash
value or a “fingerprint” on the plain text
message.
Information Security

◼ These hashes are unique to each plaintext.


◼ Therefore, this type of cryptography does not
use a cryptographic key.
◼ If the hash produces the same output, it
indicates that the information has not been
altered, compromised or damaged.
18
March 2023
Secure Hash Function
◼ Hash functions are used in many
cryptographic algorithms & protocols,
including MAC algorithms, digital signature
Information Security

algorithms, & authentication protocols.


19
March 2023
Secure Hash Function
◼ Hashing:
◼ Change a message to a fixed length fingerprint
Information Security

or digest.
◼ Example:
◼ HELLO = 8+5+12+12+15 = 52
◼ Purpose:
◼ To check changes

◼ Comparison

◼ Password Storage
20
March 2023
Secure Hash Function
◼ Identity Verification
◼ Integrity (file upload & download)
Information Security

◼ Blockchain
21
March 2023
Secure Hash Function
◼ Impossible to reverse but can be brute forced,
particularly if the message length is known.
Same Algorithm produce the same size digest.
Information Security

It can be the weak point of these Algorithms.


◼ Input to hash function:
◼ Message

◼ Data / File

◼ Packet
22
March 2023
Secure Hash Function
◼ Properties:
◼ Secure (not reversable)
Information Security

◼ Unique
◼ Hashing is commonly used for passwords:
◼ User name + Password → HF → Database
◼ Every time we login our credentials are
hashed.
23
March 2023
Secure Hash Function
◼ Options to protect passwords:
◼ Plain text (unsafe option)
Information Security

◼ Encrypted (key, if server is hacked)

◼ Hashing

◼ Hashing & Salting:


◼ A random keyword added to the password
before hashing.
◼ Salting reduce collision

◼ Salting is unique for each user password &


saved along with the password.
24
March 2023
Secure Hash Function
◼ If server is hacked than it make security
problem.
Information Security

◼ Peppering is used for solving this problem.


◼ Peppering:
◼ Common random number for all password.

◼ Not saved on the server but hardcoded onto


the website source code. If the server is
hacked it is safe.
◼ Today most websites use both salting (for
collision) & peppering (for security).
25
March 2023
Secure Hash Function
◼ Hackers can reverse the hash function by
trying every possible password to generate its
hash value.
Information Security

◼ GPU processor can generate 292 millions


passwords to hash values per second.
◼ Hacker can also use rainbow table to
accelerate this process. They use precomputed
hashed passwords to find weak & commonly
used passwords.
26
March 2023
Secure Hash Function
◼ Note: speed of hash function can be a +ve point
in many cases. However, in password we don’t
need this property.
Information Security
27
March 2023
Secure Hash Function
◼ To protect
passwords from
brute forced attack
Information Security

and GPU processor


speed:
◼ Use special hash
functions (bcrypt,
scrypt).
◼ They prevent brute
forced attack.
28
March 2023
Secure Hash Function
◼ This process has the following steps:
◼ The password is hashed without salt.
Information Security

◼ The bcrypt hash function take the hash, salt, &


cost. Cost define the number of rounds the
Algorithm goes through.
◼ The result is encrypted and the decrypting key
not stored in the database but in a separate
place.
29 Hash Function Tools
p March 2023
Secure Hash Function
◼ http://hash-functions.online-domain-tools.com/
Information Security
End of lesson 5

Question / Discussion?

You might also like