Untitled Quiz
48 Questions
0 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

What is the approximate time it takes for Eve to launch an attack using a hash function with a 64-bit digest?

  • 1 week
  • 1 month
  • 1 hour (correct)
  • 1 day
  • How many tests does the adversary need to perform a collision attack on MD5?

  • 264 (correct)
  • 230
  • 280
  • 232
  • What is the digest size of the hash function SHA-1?

  • 512 bits
  • 160 bits (correct)
  • 256 bits
  • 128 bits
  • What is the primary design difference between SHA-1 and the revised Secure Hash Standard versions?

    <p>The revised versions provide higher security levels.</p> Signup and view all the answers

    How long does it take to launch an attack on SHA-1 assuming the adversary can perform $2^{30}$ tests per second?

    <p>10,000 years</p> Signup and view all the answers

    What size is the digest produced by the new hash function SHA-512?

    <p>512 bits</p> Signup and view all the answers

    How many rounds does the SHA-512 compression function consist of?

    <p>80 rounds</p> Signup and view all the answers

    From what values are the round constants in SHA-512 derived?

    <p>First 80 prime numbers</p> Signup and view all the answers

    Why is a message authentication code (MAC) needed?

    <p>To prove the sender's identity.</p> Signup and view all the answers

    What does a modification detection code (MDC) assure?

    <p>The message has not been modified.</p> Signup and view all the answers

    What is the output size of SHA-512 hash values?

    <p>512 bits</p> Signup and view all the answers

    What is processed in 1024-bit blocks during SHA-512 computation?

    <p>Message data</p> Signup and view all the answers

    What is the approximate number of tests required to find a collision using SHA-512?

    <p>2256</p> Signup and view all the answers

    Which function is NOT part of the round structure in SHA-512?

    <p>Binary search function</p> Signup and view all the answers

    Which of the following describes the SHA-256 hashing process?

    <p>It is more secure than SHA-1.</p> Signup and view all the answers

    What is the leftmost hexadecimal digit of the result when applying the Majority function on buffers with values 0x7, 0xA, and 0xE?

    <p>0xE</p> Signup and view all the answers

    What is the primary purpose of a message digest (MDC) in message transmission?

    <p>To ensure the message has not changed during transmission</p> Signup and view all the answers

    Which of the following is NOT a concern of message authentication?

    <p>Ensuring message confidentiality</p> Signup and view all the answers

    How does symmetric message encryption contribute to authentication?

    <p>By ensuring only the sender and receiver know the key used</p> Signup and view all the answers

    In public-key encryption, what can provide both secrecy and authentication?

    <p>Signing the message with the sender's private key and encrypting with the recipient's public key</p> Signup and view all the answers

    What happens to the size of a message during the signing and encryption process using public-key encryption?

    <p>The size may double due to encryption and signing overhead</p> Signup and view all the answers

    What security requirement relates to ensuring that a sender cannot deny sending a message?

    <p>Non-repudiation</p> Signup and view all the answers

    Which function is NOT typically used for message authentication?

    <p>Asymmetric encryption</p> Signup and view all the answers

    What is a primary challenge when using public-key encryption for messaging?

    <p>Public-key encryption does not confirm the sender's identity</p> Signup and view all the answers

    What is the primary purpose of using salt in password hashing?

    <p>To deter precomputation attacks</p> Signup and view all the answers

    Which of the following best describes the role of the server in Lamport one-time passwords?

    <p>The server hashes the user's password for verification</p> Signup and view all the answers

    In the context of the Birthday Paradox, what is the implication of a 64-bit hash?

    <p>It can be considered unreliable for generating unique signatures.</p> Signup and view all the answers

    What action does Alice perform when using the Lamport one-time password protocol?

    <p>She sends a hash derived from her password to the server.</p> Signup and view all the answers

    Which mechanism is ineffective for security but reasonable for data integrity checking?

    <p>One-bit circular shift on hash value</p> Signup and view all the answers

    What is a primary feature of the birthday attack as described?

    <p>It can produce valid signatures for both original and forged messages.</p> Signup and view all the answers

    How does the Lamport one-time password protocol enhance security against interception?

    <p>It prevents an attacker from obtaining the password even if they intercept communications.</p> Signup and view all the answers

    What is a limitation of simple hash functions highlighted in the content?

    <p>They offer reasonable data integrity but lack security.</p> Signup and view all the answers

    What is the implication of using a formula like h(M) = M mod n for creating message digests?

    <p>It can lead to a violation of randomness requirements.</p> Signup and view all the answers

    Given that messages are 6 bits long and digests are 4 bits long, what is the conclusion based on the pigeonhole principle?

    <p>At least one digest corresponds to multiple messages.</p> Signup and view all the answers

    How long would it take Eve to create enough digests to find the original message if each digest is 64 bits long?

    <p>More than 500 years.</p> Signup and view all the answers

    What is the probability threshold for Eve to find two messages with the same digest in a collision attack?

    <p>More than 0.5.</p> Signup and view all the answers

    In a collision attack with a 64-bit digest, how many digests must Eve create to have more than a 50% chance of a collision?

    <p>About 1.18 × 2^32 digests.</p> Signup and view all the answers

    What happens when the number of messages exceeds the number of possible unique digests?

    <p>It increases the risk of collision attacks.</p> Signup and view all the answers

    What does the generalized pigeonhole principle state about occupied pigeonholes?

    <p>If n pigeonholes are occupied, k + 1 messages can exist in one.</p> Signup and view all the answers

    If Eve can create digests at a rate of 1 million messages per second, how long will it take to perform a collision attack?

    <p>About two hours.</p> Signup and view all the answers

    What is the maximum length of padding that can be added to a message according to SHA-512 specifications?

    <p>1023 bits</p> Signup and view all the answers

    What is necessary for padding to be required in SHA-512?

    <p>A length field needs to be added.</p> Signup and view all the answers

    If the length of the original message is 2590 bits, how many padding bits are added?

    <p>353 bits</p> Signup and view all the answers

    What is the minimum possible length of padding in SHA-512 if the original message is such that (−|M| − 128) mod 1024 = 0?

    <p>0 bits</p> Signup and view all the answers

    How long can a message be to be compliant with SHA-512 before needing to be shortened?

    <p>Less than 2^128 bits</p> Signup and view all the answers

    What is the digest size produced by SHA-512?

    <p>512 bits</p> Signup and view all the answers

    How many pages would a message of 2^128 bits occupy if each page holds approximately 2048 bits worth of characters?

    <p>2^110 pages</p> Signup and view all the answers

    What occurs when the original message's length is already a multiple of 1024 bits?

    <p>Only the length field needs to be added.</p> Signup and view all the answers

    Study Notes

    Message Integrity

    • Cryptography systems presented so far offer secrecy but not integrity
    • Integrity ensures the message hasn't been altered
    • A fingerprint, like a cryptographic hash function, can be used to check for integrity.

    Document and Fingerprint

    • A physical document's integrity can be ensured using a fingerprint
    • Alice can ensure the contents of her document aren't changed by affixing her fingerprint at the bottom
    • A document fingerprint is analogous to a message digest.

    Message and Message Digest

    • The digital equivalent of a document and fingerprint is a message and a digest pair
    • A hash function transforms the message into its digest (fingerprint)
    • A message's integrity is verified by comparing the calculated digest with the stored digest.

    Difference

    • Documents and fingerprints are physically linked
    • Messages and digests can be unlinked and compared separately
    • The message digest must be protected from tampering to maintain integrity.

    Checking Integrity

    • Hash functions calculate a current digest
    • Comparison with the previous digest determines if a message has been altered
    • Discard an altered message, or re-transmit it.

    Cryptographic Hash Function Criteria

    • Cryptographic hash functions must satisfy three criteria
    • Preimage resistance: Infeasible to find an input (preimage) producing a given output.
    • Second preimage resistance: Infeasible to find a second input producing the same output as a given input.
    • Collision resistance: Infeasible to find two different inputs producing the same output.

    Preimage Resistance

    • A preimage attack attempts to find an input that produces a given output
    • Given a hash value, it's computationally infeasible to find its corresponding message.
    • The difficulty is proportional to 2^n, where n is the hash value's length.

    Lossless Compression

    • Lossless compression methods are not suitable for cryptographic hash functions
    • They create reversible compressed messages.

    Checksums

    • Checksums are not robust enough for cryptographic hash functions
    • They're not preimage resistant, meaning multiple messages might have the same checksum.

    Second Preimage Resistance

    • A second preimage attack tries to find a second message with the same hash value as a known message
    • Finding a second preimage is computationally infeasible, proportional to 2^n

    Collision Resistance

    • A collision attack finds two different messages with the same hash value
    • Finding collisions is computationally infeasible, proportional to 2^(n/2)

    Random Oracle Model

    • Introduced by Bellare and Rogaway in 1993, it's an ideal mathematical model for hash functions.
    • It assumes the hash function acts like a random oracle, outputting random values for every input.

    Oracle Table

    • A table used to store messages and their corresponding digests generated by an oracle.
    • The oracle checks the table for a matching message before calculating the digest.

    Pigeonhole Principle

    • If n pigeonholes contain more than n pigeons, at least one pigeonhole must contain more than one pigeon.
    • This concept is applicable to hash functions, where if more messages map to fewer possible digests, there's a high probability of collisions.

    Example of collisions

    • If messages have 6 bits and digests have only 4 bits, there are more messages than possible digests (2^6 > 2^4)
    • The probability of collision is greater than zero in this simplified example.

    Algorithms Attacks

    • Algorithms to attack preimage, second preimage, & collision attacks.
    • Calculating difficult attack costs against input lengths (2^n, 2^(n/2).

    Message Authentication Code(MAC)

    • Message digests don't authenticate the sender
    • A MAC adds a proof of authorship
    • MACs use cryptographic hash functions combined with secret keys for message authentication

    Modification Detection Code (MDC)

    • A MDC is a message digest that serves as proof of integrity
    • Alice creates an MDC and sends it along with the message to Bob
    • Bob calculates a new MDC from the received message.
    • If the new MDC is the same as the received one, then the message is undamaged.

    MAC Security

    • MAC security relies on the underlying hash function’s strength
    • Brute-force and cryptanalytic threats exist
    • Increased bit sizes of hash functions offer increased security

    Keyed Hash Functions

    • A hash function used to generate MACs
    • This method uses both a message and a secret key to derive the MAC.
    • The keyed hash includes a key along with the message to create unique hash values.

    HMAC

    • An improvement over keyed hash functions, HMAC ensures wider security against attacks.
    • HMACs use a hash function combined with a key and padding to increase the security and resistance of the MACs.
    • It's a secure way to apply hash functions to messages paired with a secret key.

    Hash Function Uses

    • Hash functions can condense arbitrary-length messages into fixed-size digests.
    • They're used to detect changes to messages, verify data integrity, and in processes like password storage.
    • Hash functions provide one-way mappings and are collision-resistant for security purposes

    Cryptographic Hash Function

    • A mathematical function that maps a message of arbitrary length to a fixed-size hash value—a digest—that acts as a message fingerprint.

    Hash Function Uses

    • Message Integrity Check (MIC): Calculating a hash of message for integrity checks
    • Message Authentication Code (MAC): Using a keyed hash function to protect a message's integrity
    • Digital Signatures (Non-repudiation): Encrypting a hash with a private key for non-repudiation

    Birthday Attacks

    • Birthday paradox demonstrates that the probability of a collision increases significantly given more inputs when there are a limited number of possible outcomes.
    • Attackers aim to find collisions by generating many messages with the same hash function result.
    • When the number of possible hashed messages exceeds the square root of the total hashes, there's a greater probability of collisions.

    Hash Function Cryptanalysis

    • Hash functions use an iterative structure involving multiple message blocks
    • Cryptanalytic attacks seek to exploit the structure of hash functions to find collisions faster than an exhaustive search.

    Block Ciphers as Hash Functions

    • Block ciphers can be adapted into hash functions, but their output can be too small for security.
    • Vulnerable to birthday and meet-in-the-middle attacks due to their relatively short output lengths

    Secure Hash Algorithms (SHAs)

    • Designed by NIST and NSA in 1993
    • Reimplemented with additional versions in 1995 for increased security
    • Produces longer, 160-bit hash values, which make it more resistant to attacks.

    Revised Secure Hash Standard

    • NIST introduced revisions with additional SHA versions.
    • Enhanced versions of SHA designed for security compatibility with the AES cipher.

    SHA-512 Overview

    • Processing messages in 1024-bit blocks
    • 80 rounds of iterations in the compression functions

    SHA-512 Compression Function

    • Compressing messages in 1024-bit blocks during SHA-512 operation.
    • 80 rounds, updating a 512-bit buffer
    • 64-bit values derived from the message block
    • Round constant values extracted by cube roots of 80 prime numbers

    SHA-512 Round Function

    Structure of Each Round

    Majority Function

    Conditional Function

    Rotate Functions

    Compression Function

    Message Digest Initialization

    • Initialization values of constants utilized in the SHA-512 message digest.

    Message Preparation

    • SHA-512 requires the length of the message to be under 2^128 bits.

    Padding and length field in SHA-512

    Padding Calculation

    Padding Necessity

    Minimum and Maximum Padding

    Characteristics of Secure Hash Algorithms (SHAs)

    SHA-3

    • A new hash algorithm designed to address vulnerabilities in older SHA versions

    SHA-3 Requirements

    • Replacing SHA-2 with SHA-3 to uphold similar hash sizes and the online procedures in smaller block sizes.

    Two groups of compression functions

    Iterated Hash Function (Merkle-Damgård Scheme)

    • A hash function that processes the message in multiple blocks, using a compression function iteratively.

    Rabin Scheme

    Davies-Meyer Scheme

    Miyaguchi-Preneel Scheme

    Secure Hash Algorithm (SHA-1)

    • A 160-bit hash algorithm, designed by NIST & NSA

    SHA Overview

    SHA-1 Compression Function

    Message-Digest 5 (MD5)

    • Designed by Ronald Rivest
    • 128-bit message hash, widely used, later found to have vulnerabilities.

    MD5 Overview

    MD5 Compression Function

    MD4

    • Precursor to MD5
    • Designed for speed with little-endian architecture

    Strength of MD5

    • Hash is dependent on all message bits, but vulnerabilities exist in newer analyses.

    SHA-1 Verses MD5

    • Brute force attack is harder for SHA-1 than MD5
    • SHA-1 is a bit Slower than MD5

    Revised Secure Hash Standard

    • Provides additional SHA versions with higher security standards

    Whirlpool

    • A 512-bit hash algorithm based on the Miyaguchi-Preneel scheme with a customized AES block cipher as the compression function.

    Whirlpool Cipher

    SubBytes

    ShiftColumns

    MixRows

    AddRoundKey

    Key expansion in the Whirlpool cipher

    CMAC

    CMAC Overview

    CMAC

    Authenticated Encryption

    Counter with Cipher Block Chaining-Message Authentication Code (CCM)

    Galois/Counter Mode (GCM)

    GCM Functions

    Authenticated Encryption

    Generic Composition

    Comparison

    Inclusion

    Verification Method

    Relationship

    Duplicity

    Process

    Digital Signature Process

    Need for Keys

    Signing the Digest

    Services

    Message Integrity

    Nonrepudiation

    Confidentiality

    Attack Types

    Forgery Types

    Digital Signature Schemes

    RSA Digital Signature Scheme

    Key Generation

    Signing and Verifying

    ElGamal Digital Signature Scheme

    Key Generation

    Verifying and Signing

    Studying That Suits You

    Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

    Quiz Team

    Related Documents

    More Like This

    Untitled Quiz
    37 questions

    Untitled Quiz

    WellReceivedSquirrel7948 avatar
    WellReceivedSquirrel7948
    Untitled Quiz
    18 questions

    Untitled Quiz

    RighteousIguana avatar
    RighteousIguana
    Untitled Quiz
    50 questions

    Untitled Quiz

    JoyousSulfur avatar
    JoyousSulfur
    Untitled Quiz
    48 questions

    Untitled Quiz

    StraightforwardStatueOfLiberty avatar
    StraightforwardStatueOfLiberty
    Use Quizgecko on...
    Browser
    Browser