Cryptographic Hash Functions Quiz

Questions and Answers

What is the maximum estimated time for Eve to launch a collision attack using a hash function with a 64-bit digest?

Less than an hour

500 years

1 hour (correct)

10 thousand years

How many tests are needed to successfully perform a collision attack on MD5?

230 tests

280 tests

264 tests (correct)

2128 tests

What is the digest size of the SHA-1 hash function?

256 bits

160 bits (correct)

512 bits

128 bits

Which hash function is described to be resistant to collision attacks based on the Random Oracle Model?

SHA-512

What is the relationship between a message digest and a message authentication code (MAC)?

A MAC ensures the authenticity of the message sender

Which statement accurately describes the essential difference between a document and its fingerprint compared to a message and its message digest?

The document and fingerprint are linked while the message and digest can exist separately.

How long would it theoretically take to launch a collision attack on SHA-1 if tests can be performed at 230 per second?

About 10 thousand years

What are the three criteria that a cryptographic hash function must satisfy?

Preimage resistance, Second preimage resistance, Collision resistance

What is the purpose of a modification detection code (MDC)?

To ensure the integrity of the message

How many tests does SHA-512 require to find a collision with a probability of 1/2?

2^256 tests

Why can a conventional lossless compression method like StuffIt not be used as a cryptographic hash function?

It creates reversible messages, compromising its security.

What does second preimage resistance in a cryptographic hash function prevent?

Finding a message that has a specific hash output.

Which of the following statements about collision resistance is true?

It ensures that no two messages can ever produce the same hash output.

In the Random Oracle Model, what is the primary function of the oracle?

To simulate the behavior of a true cryptographic hash function.

What is a significant limitation of using a checksum function as a cryptographic hash function?

It lacks preimage resistance, leading to multiple valid inputs for a single checksum.

What aspect of document integrity can a fingerprint verify?

That the document has not been altered.

What is the primary output size of the SHA algorithm?

160-bit hash values

Which SHA version added in FIPS 180-2 does NOT exist?

SHA-128

What role do the 80 constants, K0 to K79, serve in the SHA-512 algorithm?

They provide round constants in the compression function.

What key feature is employed by the SHA-512 compression function?

Processing in 1024-bit blocks

If the first hexadecimal digits of buffers A, B, and C are 0x7, 0xA, and 0xE respectively, what is the leftmost hexadecimal digit of the resulting Majority function?

0xE

What aspect of SHA-1 has raised concerns about its future applications?

Security vulnerabilities indicated in 2005

Which function in SHA-512 is responsible for providing output based on the majority of input bits?

Majority function

Which of the following SHA versions was introduced as a part of the revised Secure Hash Standard?

SHA-512

Which property of a cryptographic hash function ensures that it is computationally infeasible to find two different inputs that produce the same hash output?

Collision-free property

What is the primary purpose of a Message Authentication Code (MAC)?

To authenticate a message using a keyed hash

How can HMAC security be compromised?

By finding a collision in the underlying hash algorithm

Which of the following is a characteristic of a cryptographic hash function that allows it to detect changes in a message?

It produces a fixed-size output regardless of input size

Which method is employed to achieve non-repudiation in digital signatures?

Encrypting the hash with a private signing key

What is the significance of using a pseudorandom function (PRF) in cryptography?

To derive keys cooperatively from a master key

In the context of digital signatures, what role does the public key play?

It verifies the signature created with the private key

What is the primary purpose of creating a message digest (MDC) when sending a message?

To verify the integrity of the message.

Which of the following elements are crucial for message authentication?

Integrity, confidentiality, non-repudiation.

Which hashing technique ensures that the original password cannot be easily retrieved from stored data?

One-way hashes

Why does the security of a Message Authentication Code (MAC) depend on the underlying hash algorithm?

Because a weaker hash algorithm can compromise the MAC's ability to detect alterations.

What is a significant disadvantage of using public-key encryption for message authentication?

It provides no confidence of the sender's identity.

In the context of symmetric message encryption, which statement is true?

The message is secure if both parties share the same key.

What occurs when signing a message using the sender's private key followed by encrypting with the recipient's public key?

It offers both secrecy and authentication.

What is a potential issue related to the use of PKCS in public-key encryption?

It causes the size of the encrypted message to increase.

Which factor contributes to the requirement of recognizing corrupted messages in public-key encryption?

Public keys are publicly available.

What is the primary violation that occurs when an oracle uses a formula h(M) = M mod n to create message digests?

It generates predictable digests.

According to the pigeonhole principle, if a hash function produces 4-bit digests and accepts 6-bit messages, how many different messages can correspond to a single digest?

64

How many digests should Eve create to have more than a 50% probability of finding an original message with a 64-bit digest?

Approximately 0.69 × 2^64

If Eve can generate 2^30 messages per second, how long would it take her to find a preimage for a 64-bit digest?

Approximately 500 years

In the case of a collision attack with a 64-bit digest, how many digests would Eve need to create to exceed a probability of 50% in finding two messages with the same digest?

Approximately 1.18 × 2^33

What characteristic of a cryptographic hash function is directly challenged by a collision attack on a 64-bit digest?

The ability to generate unique digests.

What does the 'k' represent in the generalized version of the pigeonhole principle related to message digests?

The maximum number of collisions possible.

When evaluating the security of a digest size of 64 bits against different types of attacks, which attack is the digest least secure against?

Collision attack

Study Notes

Cryptography and Network Security Week 9-11

• This week covers message integrity, cryptographic hash functions, cryptographic hash function criteria, preimage resistance, second preimage resistance, collision resistance, random oracle model, and message authentication.

Message Integrity

• Cryptography systems typically provide secrecy/confidentiality but not integrity.
• Integrity ensures the message hasn't been altered.
• Preserving document integrity: Using a fingerprint (analogous to a digital fingerprint/message digest). Alice places her fingerprint at the bottom of a document.
• Electronic equivalent of document/fingerprint pair: message/digest pair.
• A hash function converts a message into a fixed-size digest.

Cryptographic Hash Function Criteria

• Preimage resistance: Given a hash, it is computationally infeasible to find the original message producing that hash.
• Second preimage resistance: Given a message and its hash, it is computationally infeasible to find a different message with the same hash.
• Collision resistance: It is computationally infeasible to find two different messages with the same hash.

Random Oracle Model

• Introduced in 1993 by Bellare and Rogaway.
• Serves as an ideal mathematical model for hash functions.
• Assumes the hash function is a random oracle. This means that the hash function acts like a random function—it maps inputs to outputs in a completely unpredictable way.

Message Authentication

• A message digest by itself does not authenticate the sender.
• Modification detection code (MDC): Digest created by cryptographic hash function.
• Message authentication code (MAC): Needed for authenticating the sender.
• A MAC uses a secret key known only to the sender and receiver.

Attack Types and Algorithms

• Preimage Attack: Given a digest, find the original message
• Second Preimage Attack: Given a message, find another message with the same digest.
• Collision Attack: Find two different messages with the same digest.
• The difficulty of the attacks increase proportionally to 2ⁿ (preimage), 2ⁿ (second preimage), and 2^n/2 (collision), where n is the number of bits in the digest/hash value.
  • Example 11.2: A checksum function is not a cryptographic hash function.

Additional Points

• Cryptographic hash functions are important for message integrity and authentication when data needs to persist longer than its encryption.
• A 64-bit digest offers security against preimage attacks but not collision attacks; a 128-bit digest is preferred for better security.
• SHA-1 and MD5 were popular hash functions, but are now considered vulnerable to attack due to improvements in computer processing and discovery of weaknesses in the algorithms.
• SHA-2 (e.g. SHA-512) was introduced as a replacement for previous versions to increase security, but still relies on iteration and can be attacked by a cryptanalytic attacks.
• Whirlpool: An iterated hash function that uses a symmetric-key block cipher in place of the compression function; the block cipher is a modified AES cipher.

Description

Test your knowledge on cryptographic hash functions with this quiz. Explore questions about collision attacks, digest sizes, and essential differences between message digests and MACs. Discover the requirements for secure hash functions and their use in data integrity.