The HMAC construction works around these problems. This property can be used to break naive authentication schemes based on hash functions. Currently, popular cryptographic hash functions are vulnerable to length-extension attacks: given hash( m) and len( m) but not m, by choosing a suitable m ′ an attacker can calculate hash( m ∥ m ′), where ∥ denotes concatenation. Collision resistance prevents an attacker from creating two distinct documents with the same hash.Ī function meeting these criteria may still have undesirable properties. Second pre-image resistance prevents an attacker from crafting a document with the same hash as a document the attacker cannot control. Thus, if two strings have the same digest, one can be very confident that they are identical. Informally, these properties mean that a malicious adversary cannot replace or modify the input data without changing its digest. The weaker assumption is always preferred in theoretical cryptography, but in practice, a hash-function which is only second pre-image resistant is considered insecure and is therefore not recommended for real applications. Ĭollision resistance implies second pre-image resistance but does not imply pre-image resistance. It requires a hash value at least twice as long as that required for pre-image resistance otherwise collisions may be found by a birthday attack. This property is sometimes referred to as strong collision resistance. Such a pair is called a cryptographic hash collision. Collision resistance It should be difficult to find two different messages m 1 and m 2 such that hash( m 1) = hash( m 2). Functions that lack this property are vulnerable to second-preimage attacks. This property is sometimes referred to as weak collision resistance. Second pre-image resistance Given an input m 1, it should be difficult to find a different input m 2 such that hash( m 1) = hash( m 2). Functions that lack this property are vulnerable to preimage attacks. This concept is related to that of a one-way function. Pre-image resistance Given a hash value h, it should be difficult to find any message m such that h = hash( m). In theoretical cryptography, the security level of a cryptographic hash function has been defined using the following properties: Most cryptographic hash functions are designed to take a string of any length as input and produce a fixed-length hash value.Ī cryptographic hash function must be able to withstand all known types of cryptanalytic attack. For example, a denial-of-service attack on hash tables is possible if the collisions are easy to find, like in the case of linear cyclic redundancy check (CRC) functions. Non-cryptographic hash functions are used in hash tables and to detect accidental errors, their construction frequently provides no resistance to a deliberate attack. Indeed, in information-security contexts, cryptographic hash values are sometimes called ( digital) fingerprints, checksums, or just hash values, even though all these terms stand for more general functions with rather different properties and purposes. They can also be used as ordinary hash functions, to index data in hash tables, for fingerprinting, to detect duplicate data or uniquely identify files, and as checksums to detect accidental data corruption. A cryptographic hash function ( CHF) is a hash algorithm (a map of an arbitrary binary string to a binary string with a fixed size of n bits (lower due to the birthday paradox).Ĭryptographic hash functions have many information-security applications, notably in digital signatures, message authentication codes (MACs), and other forms of authentication.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |