Hash functions comp security

What were code books in the nineteenth century used for?

What were code books in the nineteenth century used for?

They protected and shortened transactions, mapping words or phrases to fixed-length groups of letters or numbers.

What is a hash function used for in cryptography?

It protects the integrity and authenticity of messages, preventing manipulation of ciphertext to cause predictable changes in plaintext.

Why did banks realize that stream ciphers and code books were inadequate?

They didn't protect message authenticity, making it possible for an attacker to substitute codewords, like changing ‘1000’ to ‘1,000,000.’

What is a one-way function in cryptography?

A function where a test key can be computed from a message, but it’s impossible to reverse the process and recover the message or key.

What is an asymmetric cryptosystem?

A system where different keys are used for encryption and decryption, such as using a public key to encrypt and a private key to decrypt.

What is the purpose of a digital signature in cryptography?

To sign a message with a private key and allow anyone to verify it using the public signature verification key.

Why is a 64-bit block cipher inadequate for message security?

Forging a message would be too easy, requiring the cost of only a small number of messages.

What was significant about Wang, Yiqun Lisa Yin, and Hongbo Yu's work on SHA-1?

They worked on SHA-1 developed an algorithm to find collisions, showing that SHA-1 was vulnerable, leading to a shift to stronger hash functions like SHA-2.

What is the risk of hash collisions in forensic systems?

A collision would signal tampering, triggering further investigation to see whether evidence was altered.

What is a Merkle tree in cryptography?

It is a structure that hashes multiple inputs into a single output, often used in code signing and blockchain applications.

How does key updating work in cryptography?

It involves hashing a shared key at agreed times to prevent an attacker from decrypting past traffic if they compromise a system.

What is forward security in cryptography?

It ensures that once a compromised system exchanges a message with an uncompromised one, security is recovered.

What is autokeying in cryptography?

It involves updating a key by hashing it with exchanged messages, recovering security after the next exchange the attacker can't observe. It ensures that once an attacker misses an exchange, security can be restored, making it harder to compromise ongoing communications.

What cryptographic system was first used in EFT payment terminals in Australia?

Forward security with asymmetric cryptography was first used.

What is the modern approach to authenticated encryption?

Using a mode of operation designed for authenticated encryption, avoiding weak hash functions like MD5.

Why is it difficult to reverse a one-way function?

Because the test key doesn't contain enough information to recover the original message or key.

What is the potential threat to public key cryptography systems?

False public keys can be inserted into the system, or the systems themselves can be hacked or coerced.

What was a major vulnerability of SHA-1?

The major vulnerability of SHA-1 was an algorithm was developed that could find collisions, weakening its security and leading to its replacement with stronger hash functions like SHA-2.

What is the role of hash functions in legal forensics?

They ensure the integrity of digital evidence, helping to detect if tampering has occurred.

What is the significance of a hash function in digital timestamping?

It allows you to prove that a document existed at a certain time without revealing its content until later.

Why are Merkle trees important in blockchain technology?

They efficiently hash large data structures and allow secure verification of transactions in a blockchain.

Why do some forensic investigators continue to use MD5 despite its vulnerabilities?

Its collisions don’t present useful attacks in their specific applications, making it still suitable for certain non-critical uses.

What is a collision in the context of hash functions?

It occurs when two different inputs produce the same hash value, potentially compromising the security of the system.

What role do hash functions play in key updating and autokeying?

They are used to generate new keys securely, ensuring that compromised keys cannot decrypt older messages.

Why is authenticated encryption considered a modern approach?

It ensures both the confidentiality and integrity of data, protecting against both message tampering and unauthorized access.

How can a hash function be constructed from a block cipher?

By feeding message blocks one at a time to the key input of the block cipher and using feedforward, where each hash value is XOR’ed with the output of the next round, making the operation non-invertible.

What is the relation between block ciphers and hash functions

Hash functions can be constructed from block ciphers, and vice versa. Both can be derived from stream ciphers under certain conditions, making them flexible cryptographic primitives.

How did cryptanalysis progress with MD5?

MD5, which has four rounds and a 128-bit hash value, was broken in 2004 by Xiaoyun Wang and colleagues, making it vulnerable to collisions and insecure for digital certificates.

What is the status of SHA-1 in cryptography?

SHA-1, introduced in 1995 with a 160-bit hash value, was considered insecure after a collision was found in 2017. It has since been replaced by stronger algorithms like SHA-2.

What improvements does SHA-2 offer over SHA-1?

SHA-2, which comes in 256-bit and 512-bit versions, is more secure than SHA-1, with its larger hash sizes providing better resistance to collisions and attacks.

What is the main use of HMAC in cryptography?

it provides message integrity and authentication by hashing a message with a key. It involves two rounds of hashing, making it resistant to certain types of collision attacks.

What is the significance of "preimage resistance" in a hash function?

It ensures that, given a hash output, it is computationally infeasible to reverse the process and find the original input. This is crucial for protecting the secrecy of data.

what attack exploits a paradox

The birthday attack exploits the birthday paradox to find collisions in a hash function faster than brute force. It significantly reduces the complexity of finding a hash collision, hence requiring larger hash sizes for security.

what security did blue ray use

A 128-bit cipher such as AES used to be just about adequate, and in fact the AACS content protection mechanism in Blu-ray DVDs used ‘AES-H’, the hash function derived from AES in this way.

backward security

The point is that if an attacker compromises one of their systems and steals the key, he only gets the current key and is unable to decrypt back traffic. The chain of compromise is broken by the hash function's one-wayness.

The use of asymmetric cryptography allows

slightly stronger form of forward security, namely that as soon as a compromised terminal exchanges a message with an uncompromised one which the opponent doesn't control, security can be recovered even if the message is in plain sight.