Cryptography Reference
6.5 Further reading
General introductions to hash functions can be found in most topics on cryptography,
ranging from the relaxed approach of Ferguson, Schneier and Kohno [75] through to
the more formal treatment in Katz and Lindell [105]. More details about the theory
behind birthday attacks can be found in most topics, including a detailed explanation
in Vaudenay [194].
While the properties and applications of hash functions are fairly stable, the actual
hash functions that are used in applications will change significantly over the coming
years. This is because the NIST SHA-3 competition will define the hash functions of
the future and is not due to complete until 2012. The latest news, and ultimately
the final results, of the NIST SHA-3 competition are best obtained from the official
website [132]. Until then, the most commonly deployed hash functions are probably
SHA-1 and the SHA-2 family, which are all described in FIPS 180-2 [80]. Other
hash functions that we mentioned include RIPEMD-160 [62] and Whirlpool [28].
All these hash functions are included in ISO/IEC 10118 [2]. A good example of
the relationship between academic attacks and real-world impact is the aftermath
of the cryptanalysis of SHA-1 in 2005. The comments made by Bruce Schneier
[166] indicate both the significance, and to an extent the lack of significance, of the
immediate impact. A fun explanation of hash functions, their security properties and
some of their applications can be found at Friedl [86].
More information about the MAC algorithms that we discussed in this chapter
is provided by the full specifications of CBC-MAC in ISO/IEC 9797 [18] and
HMAC in FIPS 198 [81] and RFC 2104 [113]. A good list of practical issues that
need to be taken care of when implementing MACs is provided in Handschuh and
Preneel [95]. A discussion of the order in which to conduct encryption and MAC can
be found in Ferguson, Schneier and Kohno [75]. Further details of the authenticated
encryption modes that we discussed can be found for CCM [135], EAX [30] and
OCB [165] mode. Authenticated encryption modes are also standardised in ISO/IEC
19772 [13].
Playing with many of the hash functions mentioned in this chapter is made easy
through the use of CrypTool [52]. Recommended is the hash demonstration, which
allows minor changes to be made to an input file and then the similarity of the
resulting hash outputs to be measured.
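The measurement that demonstration performs can be reproduced with Python's standard library. The following is an added example, not part of the original text and not CrypTool's code; the sample messages and all function names are constructed for illustration. It flips each input bit in turn and counts how many output bits change for SHA-1 and SHA-256, then contrasts them with CRC-32, where the change in the checksum is fixed by the position of the flipped bit and is the same for every message of that length.

```python
import hashlib
import zlib

MESSAGE = b"Transfer 100 GBP to account 12345678"  # constructed sample input
OTHER = MESSAGE[::-1]  # second constructed input of the same length

def flip_bit(data: bytes, index: int) -> bytes:
    """Copy of data with one bit inverted (index 0 = top bit of first byte)."""
    if not 0 <= index < len(data) * 8:
        raise IndexError("bit index out of range")
    out = bytearray(data)
    out[index // 8] ^= 0x80 >> (index % 8)
    return bytes(out)

def bit_diff(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length strings differ."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def sha(name: str):
    """Wrap a hashlib algorithm as a bytes -> digest function."""
    return lambda data: hashlib.new(name, data).digest()

def crc32(data: bytes) -> bytes:
    return zlib.crc32(data).to_bytes(4, "big")

def avalanche(fn, message: bytes) -> float:
    """Mean fraction of output bits changed, over every one-bit change to message."""
    base, nbits = fn(message), len(message) * 8
    changed = sum(bit_diff(base, fn(flip_bit(message, i))) for i in range(nbits))
    return changed / (nbits * len(base) * 8)

def xor_delta(fn, message: bytes, index: int) -> bytes:
    """XOR of the outputs before and after flipping one input bit."""
    return bytes(x ^ y for x, y in zip(fn(message), fn(flip_bit(message, index))))

def delta_depends_on_message(fn, m1: bytes, m2: bytes) -> bool:
    """False if flipping bit i alters the output identically for both messages."""
    return any(xor_delta(fn, m1, i) != xor_delta(fn, m2, i) for i in range(len(m1) * 8))

if __name__ == "__main__":
    for name in ("sha1", "sha256"):
        print(f"{name}: {avalanche(sha(name), MESSAGE):.3f} of digest bits change")
    # CRC-32 is affine over XOR, so its output change does not depend on the message.
    print("SHA-256 delta depends on message:", delta_depends_on_message(sha("sha256"), MESSAGE, OTHER))
    print("CRC-32 delta depends on message:", delta_depends_on_message(crc32, MESSAGE, OTHER))
```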
6.6 Activities
1. One class of weak data integrity mechanisms (which we did not discuss in any
detail) can only detect accidental modification of data.
(a) A single parity check bit consists of the XOR of all the bits in the data. What
types of accidental errors will this simple integrity mechanism detect?
(b) In what ways are cyclic redundancy checks (CRCs) better data integrity
mechanisms than parity check bits?
 
 