What is a hash function and why is it useful?
Takes a message of any length and creates a pseudorandom hash with a fixed length.
Used for message authentication, integrity, passwords
A good hash algorithm is fast, but not too fast
What's a strong hash function?
Any input length results in a fixed-size hash.
1. It has to be quick but not too quick
2. It has to introduce diffusion => 1 change in the input results in many changes in the hash
3. Given a hash, we can’t reverse it
4. Given a message and its hash, we can’t find another message that hashes to the same thing
5. We can’t find any two messages that have the same hash
MD5: is strong but creates collisions => broken
SHA1 / SHA2: is strong and currently not broken
What's the current hash standard?
SHA-2 256 bit or 512 bit
SHA-3 is not better or worse than SHA-2
Which hash functions should be used for passwords and why is SHA-2 not a good solution?
SHA-2 is too fast; an attacker can generate a lot of hashes and compare the outputs to the found password
A good solution for password hashes are the following algorithms
Works similarly to SHA-2, but the process is repeated, e.g. 5000 times, which makes it 5000 times slower. Also, these algorithms are hard to run on a GPU, which makes it more difficult to create hashes in parallel to guess the password.
Where are hashes used?