Homework Soursethis is network security system class student id j00386388 3
this is network security system class
student id j00386388
3.Consider the following questions about cryptographic hashes.
a.With regard to hash functions, do they typically accept a fixed-length input or do they typically produce a fixed-length output? (Choose one.)
b.Since hashes are one-way functions, what are they typically used for?
c.A checksum is a small numerical representation of a block of data that is designed so that if any of the data is corrupted, the checksum is extremely likely to be different. How is a checksum different from a hash? That is, what properties of a hash does a checksum lack?
d.What is the difference between collision resistant and second preimage resistant?
Solution
a. Hash function produce a fixed length of output. It is a mathematical function that converts a numerical input value into another compressed numerical value. The input to the hash function is of arbitrary length but output is always of fixed length. Hash function coverts data of arbitrary length to a fixed length. This process is often referred to as hashing the data. In general, the hash is much smaller than the input data, hence hash functions are sometimes called compression function. Since a hash is a smaller representation of a larger data, it is also referred to as a digest. Hash function with n bit output is referred to as an n-bit hash function. Popular hash functions generate values between 160 and 512 bits.
b. Hash functions are extremely useful and appear in almost all information security applications. Generally for any hash function h with input x, computation of h(x) is a fast operation.Computationally hash functions are much faster than a symmetric encryption. Hash functions provide protection to password storage. Data integrity check is a most common application of the hash functions. It is used to generate the checksums on data files. This application provides assurance to the user about correctness of the data.
C .A checksum has a special purpose, it verifies or checkes the integrity of data . \"Good\" checksums are easy to compute, and can detect many types of data corruptions (e.g. one, two, three erroneous bits).A hash code simply describes a mathematical function that maps data to some value. When used as a means of indexing in data structures (e.g. a hash table), a low collision probability is desirable. Hash code is designed to be random across its domain (to minimize collisions in hash tables and such).Cryptographic hash codes are also designed to be computationally infeasible to reverse. Check sum is designed to detect the most common errors in the data and often to be fast to compute (for effective check summing fast streams of data).Checksums just need to be different when the input is different (as far as possible), but it\'s almost as important that they\'re fast to compute. Hash codes (for use in hash tables) have the same requirements, and additionally they should be evenly distributed across the code space, especially for inputs that are similar. Computation times comes second Hash codes and checksums are both used to create short numerical value from a data item. The difference is that a checksum value should change, even if a small modification is made to the data item. For a hash value, the requirement is merely that real-world data items should have distinct hash values. A clear example are strings. A checksum for a string should include each and every bit, and order matters. A hashcode on the other hand can often be implemented as a checksum of a limited-length prefix. That would mean that \"aaaaaaaaaaba\" would hash the same as \"aaaaaaaaaaab\", but hash algorithms can deal with such collisions.
d. Collision resistance is about the infeasibility of finding two distinct inputs m and m\' such that h(m) = h(m\'). The attacker gets to choose m and m\' arbitrarily, as long as he ends up with two distinct messages that hash to the same value. Second-preimage resistance is very similar except that the attacker does not get to choose m. Instead, we give him m, and challenge him with finding m\' (distinct from m) such that h(m) = h(m\').A second-preimage is also a collision, but we keep the concept distinct because second-preimages are supposed to be substantially harder. If the hash function has an output of n bits and is \"perfect\" (no known weakness), then the cost of finding a collision is 2n/2, while the cost of finding a second-preimage is 2n (i.e. a lot more).Suppose that we are talking about signatures. Since a signature algorithm begins by hashing the data that is to be signed, and then works only with the resulting hash value, then it follows that if h(m) = h(m\'), then a signature s on message m will also be a valid signature on message m\'. The goal of the attacker is to forge a signature, i.e. get a signature that seems valid on a message of his choosing. If the attacker sees a valid, signed message m, then he may want to find a message m\' that hashes to the same value. This is the second-preimage model. For the signature system to be robust, the hash function must provide second-preimage resistance.Collision resistance, on the other hand, is not necessary in that case. It is necessary, though, with another model where the attacker can obtain a signature on a message m that looks innocent, and wants that signature to be also valid on a message m\' with less benign contents. For instance, I am the attacker and I send you a contract where you promise to send me 1$. However, I crafted that contract m such that it collides (hashes to the same value) with a slightly different contract m\', where you promise to send me 1000000$. If I can get you to sign the first contract, then, thanks to the collision, your signature also applies to the second one (and you lose).Thus, collision resistance and second-preimage resistance are two distinct concepts, and what you need depends on the context. In the case of signatures, you need at least second-preimage resistance; but if the context is such that the attacker can obtain signatures on data that he chooses, then collision resistance is also needed.
