One Way Hash Functions and Length Extension Attack

One Way Hash Functions and Length Extension Attack

The basic building block of cryptography is one-way hash functions. The main feature of One way hash functions is that they are One Way and collision resistant.

  • Integrity preservation
  • Blockchain
  • Collision Attack
  • MD5 — collision resistance feature is broken, one-way feature is not broken
  • MD6 — Developed in response to recommendation by NIST
  • SHA-1: Designed by the NSA; Collision attack was found in 2017.
  • SHA-2: Designed by the NSA; Includes SHA-256 and SHA-512
  • SHA-3: Released in 2015; It has different structure plan (according to SHA-1 and SHA-2)
  • Committing a Secret Without Telling Itek)
  • Password Verification
  • Trusted Timestamping

Get Kali | Kali Linux

A Kali Linux Live image on a CD/DVD/USB/PXE can allow you to have access to a full bare metal Kali install without…

www.kali.org

https://www.kali.org/downloads/

  • It’s just a random string value.
  • Rainbow Table Attack: Possible passwords are kept in the table with their pre-prepared hash values. The difference from the Dictionary attack is that the hashes of possible words are found in the file and the password hash is checked directly with the hash in the file. In this way, the hash value is not calculated for each password during the check, it saves processing power and is effective in small-sized jobs.
  • If this property (same hashes) is not valid, all previously calculated data is useless.
  • By adding extra data to the pure hash value, it destroys the feature of having these hash values the same.
  • Approach #1: By publishing a One-Way Hashi (rather than a document) in a newspaper or magazine.
  • Approach #2: The Time Stamping Authority (TSA –Time Stamping Authority-KamuSM-TUBITAK) can sign the hash using the private key. Timestamp is accepted as legal evidence in Turkey. It can be used as a proof document in proof of copyright by being recorded with a timestamp in the files containing the offer right.
  • Approach #3:
  • Use blockchain i.e. a growing list of records (blocks)
  • Publish the hash document on a blog
  • Blockchain depends on one-way hash
  • MITM can capture and manipulate data
  • The receiver is required to verify the integrity of the data (whether the data has been modified).
  • Add tags to data
  • Using the one-way hash as a tag won’t work because MITM can recompute the hash.
  • A secret (key) must be used in the hash, which is shared between the sender and the receiver.
  • MITM cannot compute hash without secret key
  • Can be used with any one-way hash function
  • Managed by ledgers (records) in a peer-to-peer network
  • The accepted ledger block is difficult to change because it requires replacing all subsequent blocks
  • Popular app is Bitcoin
  • Topics we will cover:
  • Hash Chain and Blockchain
  • Make Chaining Difficult
  • Adding Incentives and Bitcoin
  • If a block is modified, it will fall off the chain and will not be considered part of the chain.
  • If the original data is changed, the whole chain needs to be rebuilt.

  • Bitcoin example: blocks contain information about bitcoin transactions
  • Chaining : Hash value of one block is inside the next block
  • If a block is changed:
  • All chains after this block are broken

  • The block hash must meet the requirement (e.g. 20 leading zeros)
  • The number of leading zeros intentionally increases over time, as computational power will increase over time.

  • people/companies calling nonce are “miners”

  • Assume two certificate requests for www.example.com and www.attacker.com have the same hash due to conflict
  • The CA(certificate authority ) signature of one of the two requests will be equivalent
  • An attacker can retrieve the signed certificate for www.example.com without owning it
  • Integrity of Programs
  • Ask the CA to sign the hash of a legitimate program
  • The attacker creates a malicious program with the same hash
  • Legitimate program certificate also valid for malicious version
  • These two examples are theoretical and their applicability is questionable.

Bir yanıt yazın

E-Posta adresiniz yayınlanmayacaktır.

Bu site, istenmeyenleri azaltmak için Akismet kullanıyor. Yorum verilerinizin nasıl işlendiği hakkında daha fazla bilgi edinin.

Siteyi kullanmaya devam ederek çerezlerin kullanılmasını kabul etmiş olursunuz.. daha fazla bilgi

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close