P2L8: Hashes Flashcards
What are characteristics of a Hash Function?
- One-Way Property: Computationally infeasible for you to get the same value given two different inputs
- Can make a hash of data regardless of size
- Fixed length output: 128 - 512 bits
What is the pigeonhole principle?
If the number of pigeons (N) exceeds the number of holes (M) then one hole must have more than one pigeon
What is the birthday paradox?
- How many people do you need to have in a room for two of them to have a 50% chance of having the same birthday?
- Using the pigeonhole principle we can conclude that if there are 365 unique birthdays we’d need 366 people for a 100% chance
- 1 - (k)_n / (k^n) if k = 365 then n = 19 (the square root of k)
- Which is actually just n (n - 1) / (2^k) so it’s just the square root of k
In hashing, since there can be more data but it always hashes to a fixed hash output there will always be more pigeonholes than pigeons? (T/F)
False, there will always be more pigeons than pigeonholes
The hash function should be mathematically impossible to get duplicate hashes with different inputs (T/F)
False. It should just be computationally infeasible
What should you do to ensure a low likelihood of a collision?
The longer the length the less likely there will be a collision
What length does a hash value need to be to be considered secure nowadays?
At least 128 bits
If the length of the hash is 128 bits then how many messages does an attacker need to search in order to find two that share the same hash?
- Formula = 2^(L/2) where L is the length of the hash so…
* 2^(128/2) = 2^64
Who invented the SHA algorithms?
What is the hash length of the SHA-1 algorithm?
What is the hash length of the SHA2 algorithm?
256, 384 or 512 bit hashes
Why can’t SHA-1 be used for Message Authentication (MAC)?
Because it doesn’t rely on a secret
What is HMAC?
- It is a SHA-1 algorithm with a secret key built into it
- Chosen as the mandatory-to-implement MAC for IP security
- Used in TLS network protocol
