Hash Functions
What 2 things does hash function strength depend on?
- Design: only brute force attack available (not cryptanalyzable)
- Hash length (n) should be large enough
What happens during a one-way cryptographic hash function attack?
- Impersonation in password-hash storage systems
- Forcing false positives in hash tables
What are 3 possible attacks on cryptographic hash functions?
- One-way attacks
- Weak collision attacks
- Strong collision attacks
What's the block size of SHA-512/384?
1024
What's the hash value length of SHA-0?
160 bits
What's the hash value length of SHA-1? What structure is it similar to?
160 bits, MD5
What's the internal state size of SHA-256/224?
256
What's the output size of SHA-256/224?
256/224
What's the minimum accepted barrier for algorithmic complexity?
2^80
Once the blocks are completely divided, how many rounds are performed in MD5 and with how many operations/what operations?
4 rounds are performed, each with 16 operations:
- Non-linear functions
- Addition modulo 2^32
- Bit rotation
What's the block size of SHA-0?
512
What's the block size of SHA-1?
512
What's the block size of SHA-256/224?
512
What's the internal state size of SHA-512/384?
512
What's the output size/internal state size/block size of WHIRLPOOL?
512
What's the output size of SHA-512/384?
512/384
What does a Hash function produce?
A fixed-size hash value
What's a collision resistant hash function?
A hash function, H, is collision resistant if it's hard to find 2 inputs that hash to the same output; that is, 2 inputs a and b such that H(a) = H(b), and a ≠ b
What happens during a weak collision cryptographic hash function attack?
Faking public key certificates, digitally signed documents, source code, etc.
What's efficiency?
Fast calculation of the hash value in both software and hardware implementations
What's determinism?
For a given input, multiple runs of the function must always generate the same hash value
What's the weak collision resistant property for cryptographic hash functions?
For any given message M, it's computationally unfeasible to find a message M' ≠ M such that H(M) = H(M')
What's the one-way property for cryptographic hash functions?
For any given value h, it's computationally unfeasible to find an M' such that: H(M') = h
For MD5, what's the final hash bit length?
A hash value 128 bits long
What kind of input does a Hash function take?
A variable-length block of data (M)
What happens during a strong collision cryptographic hash function attack?
Birthday attack to fake digitally signed documents
For MD5, the message is divided into blocks of what length?
Blocks of 512 bits; padding is added to the last block
For hash functions with the extra requirements of working with messages of any size and computing fixed-size hash values, what must be done?
Compression
What's the security core of the hash function (and therefore the cryptanalyst's focus)?
Compression function design
What's the main goal of a Hash function?
Data integrity
After the initial block division of the message in MD5, how are the blocks divided further?
Each block is again divided into 16 sub-blocks of 32 bits each
What's diffusion?
If a single bit of the message M is changed, then H(M) must change approximately half of its bits
What's the strong collision-resistant property for cryptographic hash functions?
It is computationally unfeasible to find two messages M and M' such that: H(M) = H(M')
Why is padding also appended sometimes in the Merkle-Damgard structure?
It makes it harder to find collisions:
- 2 equal-length messages that collide
- 2 different-length messages that collide when appending their own length
What does collision refer to in terms of hash functions?
It's when two inputs hash to the same output
What hash function is broken and how many bits does it produce?
MD5; it produces hashes of 128 bits
What structure is most commonly used in modern hash functions?
Merkle-Damgard structure
Does SHA-256/224 have collisions?
No
Does SHA-512/384 have collisions?
No
Does WHIRLPOOL have collisions?
No
What's the difference between SHA-224/384 and SHA-256/512?
SHA-224/SHA-384 are reduced versions of SHA-256/SHA-512 (64 rounds instead of 80 and with different initial values)
What is true if the compression function is collision resistant?
So is the hash function (not necessarily the reverse)
What are SHA-224, SHA-256, SHA-384 and SHA-512 part of?
The SHA-2 family; they all share a "new" common structure with no vulnerabilities found yet
What does the algorithmic complexity (strength) of a hash function depend on?
The probability of finding a collision using a collision attack
What does it mean for a hash function to be "broken"?
There's no technique for producing collisions in less than brute force time
Does SHA-1 have collisions?
With flaws
Does MD5 have collisions?
Yes
Does SHA-0 have collisions?
Yes
