Lernkarten

Karten 61 Karten
Lernende 7 Lernende
Sprache English
Stufe Universität
Erstellt / Aktualisiert 31.07.2020 / 18.04.2021
Lizenzierung Keine Angabe
Weblink
Einbinden
0 Exakte Antworten 61 Text Antworten 0 Multiple Choice Antworten
Fenster schliessen

What is a hash funciton and why is it useful

Takes a message of any length and creates a pseudorandom hash with a fixed length.

Used for Message authentication, Integrity, passwords

A good hash algorithm is fast, but not too fast

Fenster schliessen

Whats a strong hash function

Any linput length results in a fixed size hash.

1. it has to be quick but not too quick

2. it has to introduce diffusion => 1 change results in many

3. Given a hash, we can’t reverse it 

4. Given a message and its hash, we can’t find another message that hashes to the same thing  

5. We can’t find any two messages that have the same hash 

MD5: is strong but creates collisions => broken

SHA1 / SHA2: is strong and currently not broken

Fenster schliessen

Whats the current hash standard

SHA-2 256 bit or 512 bit

 

SHA-3 is not better or worser than SHA-2

Fenster schliessen

Which hash functions should be used for passwords and why is SHA-2 not a good solution

SHA-2 is to fast a attacker can generate a lot of hashes and compare the outputs to the found password

A good solution for password hashes are the following algorithms

  • PBKDF2(Password-Based Key Derivation Function 2)
  • bcrypt

works similar to SHA-2 but the process is repeated e.g. 5000 times this makes it 5000 times slower. also these algorithms are hard to run on a GPU which makes it more difficult to parallel create hashes to gues the password.

Fenster schliessen

Where are hashes used

  • Digital signatures
  • message tampering is a common attack and with hashes it can be ensured that the message wasn't altered. 
    • The hash of the message is added to the packet the receiver applies the hash function on the content and compares it to the received hash, if both of them are the same it's more likely that the data hasn't been changed