Lernkarten
What is a hash funciton and why is it useful
Takes a message of any length and creates a pseudorandom hash with a fixed length.
Used for Message authentication, Integrity, passwords
A good hash algorithm is fast, but not too fast
Whats a strong hash function
Any linput length results in a fixed size hash.
1. it has to be quick but not too quick
2. it has to introduce diffusion => 1 change results in many
3. Given a hash, we can’t reverse it
4. Given a message and its hash, we can’t find another message that hashes to the same thing
5. We can’t find any two messages that have the same hash
MD5: is strong but creates collisions => broken
SHA1 / SHA2: is strong and currently not broken
Whats the current hash standard
SHA-2 256 bit or 512 bit
SHA-3 is not better or worser than SHA-2
Which hash functions should be used for passwords and why is SHA-2 not a good solution
SHA-2 is to fast a attacker can generate a lot of hashes and compare the outputs to the found password
A good solution for password hashes are the following algorithms
- PBKDF2(Password-Based Key Derivation Function 2)
- bcrypt
works similar to SHA-2 but the process is repeated e.g. 5000 times this makes it 5000 times slower. also these algorithms are hard to run on a GPU which makes it more difficult to parallel create hashes to gues the password.
Where are hashes used
- Digital signatures
- message tampering is a common attack and with hashes it can be ensured that the message wasn't altered.
- The hash of the message is added to the packet the receiver applies the hash function on the content and compares it to the received hash, if both of them are the same it's more likely that the data hasn't been changed
