Cryptographic Hash Functions Quiz

Questions and Answers

What is the maximum estimated time for Eve to launch a collision attack using a hash function with a 64-bit digest?

• Less than an hour
• 500 years
• 1 hour (correct)
• 10 thousand years

How many tests are needed to successfully perform a collision attack on MD5?

• 230 tests
• 280 tests
• 264 tests (correct)
• 2128 tests

What is the digest size of the SHA-1 hash function?

• 256 bits
• 160 bits (correct)
• 512 bits
• 128 bits

Which hash function is described to be resistant to collision attacks based on the Random Oracle Model?

SHA-512 (B)

What is the relationship between a message digest and a message authentication code (MAC)?

A MAC ensures the authenticity of the message sender (B)

Which statement accurately describes the essential difference between a document and its fingerprint compared to a message and its message digest?

The document and fingerprint are linked while the message and digest can exist separately. (C)

How long would it theoretically take to launch a collision attack on SHA-1 if tests can be performed at 230 per second?

About 10 thousand years (D)

What are the three criteria that a cryptographic hash function must satisfy?

Preimage resistance, Second preimage resistance, Collision resistance (B)

What is the purpose of a modification detection code (MDC)?

To ensure the integrity of the message (D)

How many tests does SHA-512 require to find a collision with a probability of 1/2?

2^256 tests (B), 2^256 tests (C)

Why can a conventional lossless compression method like StuffIt not be used as a cryptographic hash function?

It creates reversible messages, compromising its security. (B)

What does second preimage resistance in a cryptographic hash function prevent?

Finding a message that has a specific hash output. (A)

Which of the following statements about collision resistance is true?

It ensures that no two messages can ever produce the same hash output. (C)

In the Random Oracle Model, what is the primary function of the oracle?

To simulate the behavior of a true cryptographic hash function. (A)

What is a significant limitation of using a checksum function as a cryptographic hash function?

It lacks preimage resistance, leading to multiple valid inputs for a single checksum. (C)

What aspect of document integrity can a fingerprint verify?

That the document has not been altered. (B)

What is the primary output size of the SHA algorithm?

160-bit hash values (B)

Which SHA version added in FIPS 180-2 does NOT exist?

SHA-128 (D)

What role do the 80 constants, K0 to K79, serve in the SHA-512 algorithm?

They provide round constants in the compression function. (C)

What key feature is employed by the SHA-512 compression function?

Processing in 1024-bit blocks (B)

If the first hexadecimal digits of buffers A, B, and C are 0x7, 0xA, and 0xE respectively, what is the leftmost hexadecimal digit of the resulting Majority function?

0xE (C)

What aspect of SHA-1 has raised concerns about its future applications?

Security vulnerabilities indicated in 2005 (D)

Which function in SHA-512 is responsible for providing output based on the majority of input bits?

Majority function (B)

Which of the following SHA versions was introduced as a part of the revised Secure Hash Standard?

SHA-512 (B)

Which property of a cryptographic hash function ensures that it is computationally infeasible to find two different inputs that produce the same hash output?

Collision-free property (C)

What is the primary purpose of a Message Authentication Code (MAC)?

To authenticate a message using a keyed hash (B)

How can HMAC security be compromised?

By finding a collision in the underlying hash algorithm (A)

Which of the following is a characteristic of a cryptographic hash function that allows it to detect changes in a message?

It produces a fixed-size output regardless of input size (D)

Which method is employed to achieve non-repudiation in digital signatures?

Encrypting the hash with a private signing key (C)

What is the significance of using a pseudorandom function (PRF) in cryptography?

To derive keys cooperatively from a master key (B)

In the context of digital signatures, what role does the public key play?

It verifies the signature created with the private key (C)

What is the primary purpose of creating a message digest (MDC) when sending a message?

To verify the integrity of the message. (A)

Which of the following elements are crucial for message authentication?

Integrity, confidentiality, non-repudiation. (A)

Which hashing technique ensures that the original password cannot be easily retrieved from stored data?

One-way hashes (A)

Why does the security of a Message Authentication Code (MAC) depend on the underlying hash algorithm?

Because a weaker hash algorithm can compromise the MAC's ability to detect alterations. (A)

What is a significant disadvantage of using public-key encryption for message authentication?

It provides no confidence of the sender's identity. (B)

In the context of symmetric message encryption, which statement is true?

The message is secure if both parties share the same key. (C)

What occurs when signing a message using the sender's private key followed by encrypting with the recipient's public key?

It offers both secrecy and authentication. (B)

What is a potential issue related to the use of PKCS in public-key encryption?

It causes the size of the encrypted message to increase. (D)

Which factor contributes to the requirement of recognizing corrupted messages in public-key encryption?

Public keys are publicly available. (B)

What is the primary violation that occurs when an oracle uses a formula h(M) = M mod n to create message digests?

It generates predictable digests. (A)

According to the pigeonhole principle, if a hash function produces 4-bit digests and accepts 6-bit messages, how many different messages can correspond to a single digest?

64 (C)

How many digests should Eve create to have more than a 50% probability of finding an original message with a 64-bit digest?

Approximately 0.69 × 2^64 (B)

If Eve can generate 2^30 messages per second, how long would it take her to find a preimage for a 64-bit digest?

Approximately 500 years (C)

In the case of a collision attack with a 64-bit digest, how many digests would Eve need to create to exceed a probability of 50% in finding two messages with the same digest?

Approximately 1.18 × 2^33 (A)

What characteristic of a cryptographic hash function is directly challenged by a collision attack on a 64-bit digest?

The ability to generate unique digests. (C)

What does the 'k' represent in the generalized version of the pigeonhole principle related to message digests?

The maximum number of collisions possible. (C)

When evaluating the security of a digest size of 64 bits against different types of attacks, which attack is the digest least secure against?

Collision attack (D)

Flashcards

Message Integrity

Ensuring that a message hasn't been altered during transmission.

Message Digest

A unique, fixed-size string of bits generated from a message using a cryptographic hash function.

Cryptographic Hash Function

A one-way function that maps messages of any length to digests of a fixed length, ensuring integrity.

Preimage Resistance

Resistance to finding a message that has a specific digest.

Second Preimage Resistance

Difficulty in finding a second message that has the same digest as an existing message.

Collision Resistance

The difficulty in finding two different messages with the same digest.

Random Oracle Model

A mathematical model for a hash function to make cryptographic analysis easier.

Cryptographic Hash Function Criteria

Criteria for a cryptographic hash function (preimage resistance, second preimage resistance, and collision resistance).

Pigeonhole Principle

If more items than containers exist, at least one container must hold more than one item.

Preimage Attack

Finding a message with a specific hash value.

Collision Attack

Finding two different messages that produce the same hash value.

Second Preimage Attack

Finding a different message with the same hash value as another given message.

Hash Function Security

Hash functions are secure if resistant to preimage and collision attacks.

Hash Digest Size and Attacks

The size of the hash digest affects the difficulty of preimage and collision attacks. Larger digests are harder to attack.

Number of Digests

The possible number of hash values (digests) depends on the digest size and measured in bits.

MD5 Attack Time

For MD5, finding a collision requires testing 264 (2128/2) combinations. Even with billions of tests per second, it takes centuries.

SHA-1 Weakness

While theoretically secure, SHA-1 has vulnerabilities that allow for collisions in less time than expected.

SHA-512

A newer, stronger hash function with a 512-bit digest, considered secure against collision attacks based on the Random Oracle Model.

Message Authentication Code (MAC)

A code used to verify the authenticity of a message and ensure that it was sent by the claimed sender.

Modification Detection Code (MDC)

A message digest that proves the integrity of a message by showing that it hasn't been altered.

Authentication vs. Integrity

Message authentication focuses on verifying the sender, while message integrity ensures the message's content hasn't been changed.

What does an MDC (Modification Detection Code) ensure?

An MDC ensures that a message hasn't been altered during transmission.

How does an MDC work?

Alice creates an MDC from her message and sends it to Bob along with the message. Bob creates a new MDC from the received message. If the two MDCs match, the message is unchanged.

What is another name for MDC?

MDC is also known as Message Authentication Code (MAC).

What are the security goals of message authentication?

Message authentication aims to protect message integrity, validate the sender's identity, and prevent repudiation (denial of sending).

How does symmetric encryption provide message authentication?

If both the sender and receiver know the same secret key, they can decrypt the message. This proves the sender created it and assures no alteration happened.

How does public-key encryption provide message authentication?

The sender signs the message with their private key and encrypts it with the receiver's public key. This confirms the sender and prevents modification.

What is a nested MAC?

A nested MAC uses a hash function within a MAC calculation to enhance security.

What is the main security concern with MACs?

The security of a MAC heavily depends on the security of the underlying hash algorithm.

HMAC Security

HMAC's security depends on the strength of the underlying hash function and the secrecy of the key. Attacks involve brute-forcing the key or finding collisions, but the keyed nature makes collision attacks extremely difficult.

Hash Function Purpose

Hash functions condense data of any size into a fixed-size digest, allowing for efficient verification of data integrity and authenticity. They are one-way functions, meaning it's extremely difficult to reverse.

Cryptographic Hash Function Properties

Cryptographic hash functions should be one-way (hard to find the original message from the hash) and collision-free (hard to find two different messages with the same hash).

MIC vs. MAC

A Message Integrity Check (MIC) uses a hash to verify data integrity, while a Message Authentication Code (MAC) uses a keyed hash for both integrity and authentication.

Digital Signature Purpose

Digital signatures use a private key to encrypt a hash of the message, ensuring non-repudiation (sender cannot deny sending), authenticity, and integrity.

Hash Function & Message Authentication (Unkeyed)

Unkeyed hash functions can be used for message authentication (using the message hash for verification), but are vulnerable to forgery if the hash or message is intercepted.

Hash Function & Message Authentication (Keyed)

Keyed hash functions (like HMAC) provide stronger message authentication by using a secret key to generate the hash, making forgery much harder.

Hash Function & Digital Signatures

Digital signatures use asymmetric cryptography and hash functions to provide non-repudiation, authenticity, and integrity. They are essential for secure communication.

SHA Algorithm

A secure hash algorithm based on MD4 with significant modifications. SHA produces fixed-length hash values (160 bits).

SHA-1 Security Concerns

In 2005, findings raised concerns about the long-term security of SHA-1, leading to its diminished use in new applications.

SHA-256, SHA-384, SHA-512

These are three additional SHA algorithms (SHA-2) introduced in FIPS 180-2 (2002). They offer increased security compared to SHA-1.

SHA-512 Compression Function

The heart of the SHA-512 algorithm, processing messages in 1024-bit blocks through 80 rounds.

SHA-512 Round Function

Each round in SHA-512 involves updating a 512-bit buffer using a 64-bit value (Wt) derived from the message and round constants based on prime numbers.

SHA-512 Round Constants

Derived from the cube roots of the first 80 prime numbers (2, 3...409). These constants are 64-bit values used in the round function.

Majority Function (SHA-512)

A logical operation in SHA-512 that selects the bit value that appears in the majority of its three inputs.

Conditional Function ( SHA-512)

A logical operation in SHA-512 that selects a bit value based on a specific condition. This condition depends on the input values.

Study Notes

Cryptography and Network Security Week 9-11

• This week covers message integrity, cryptographic hash functions, cryptographic hash function criteria, preimage resistance, second preimage resistance, collision resistance, random oracle model, and message authentication.

Message Integrity

• Cryptography systems typically provide secrecy/confidentiality but not integrity.
• Integrity ensures the message hasn't been altered.
• Preserving document integrity: Using a fingerprint (analogous to a digital fingerprint/message digest). Alice places her fingerprint at the bottom of a document.
• Electronic equivalent of document/fingerprint pair: message/digest pair.
• A hash function converts a message into a fixed-size digest.

Cryptographic Hash Function Criteria

• Preimage resistance: Given a hash, it is computationally infeasible to find the original message producing that hash.
• Second preimage resistance: Given a message and its hash, it is computationally infeasible to find a different message with the same hash.
• Collision resistance: It is computationally infeasible to find two different messages with the same hash.

Random Oracle Model

• Introduced in 1993 by Bellare and Rogaway.
• Serves as an ideal mathematical model for hash functions.
• Assumes the hash function is a random oracle. This means that the hash function acts like a random function—it maps inputs to outputs in a completely unpredictable way.

Message Authentication

• A message digest by itself does not authenticate the sender.
• Modification detection code (MDC): Digest created by cryptographic hash function.
• Message authentication code (MAC): Needed for authenticating the sender.
• A MAC uses a secret key known only to the sender and receiver.

Attack Types and Algorithms

• Preimage Attack: Given a digest, find the original message
• Second Preimage Attack: Given a message, find another message with the same digest.
• Collision Attack: Find two different messages with the same digest.
• The difficulty of the attacks increase proportionally to 2ⁿ (preimage), 2ⁿ (second preimage), and 2^n/2 (collision), where n is the number of bits in the digest/hash value.
  • Example 11.2: A checksum function is not a cryptographic hash function.

Additional Points

• Cryptographic hash functions are important for message integrity and authentication when data needs to persist longer than its encryption.
• A 64-bit digest offers security against preimage attacks but not collision attacks; a 128-bit digest is preferred for better security.
• SHA-1 and MD5 were popular hash functions, but are now considered vulnerable to attack due to improvements in computer processing and discovery of weaknesses in the algorithms.
• SHA-2 (e.g. SHA-512) was introduced as a replacement for previous versions to increase security, but still relies on iteration and can be attacked by a cryptanalytic attacks.
• Whirlpool: An iterated hash function that uses a symmetric-key block cipher in place of the compression function; the block cipher is a modified AES cipher.

Description

Test your knowledge on cryptographic hash functions with this quiz. Explore questions about collision attacks, digest sizes, and essential differences between message digests and MACs. Discover the requirements for secure hash functions and their use in data integrity.