Cryptography Reference
In-Depth Information
(c) Explain why a CRC is not a strong data integrity mechanism.
(d) Identify two different applications that use CRCs to provide data integrity
and explain why they do not need a stronger data integrity mechanism.
2
. By considering the analogy of a birthday being a 'hash' of a person's identity,
explain the following terms:
(a) preimage resistance;
(b) second preimage resistance;
(c) collision resistance;
(d) the birthday paradox.
3
. The term
hash function
has a more general interpretation in computer science,
where the hash functions that we have discussed are often called
cryptographic
hash functions
.
(a) Which properties are shared by
cryptographic hash functions
and the more
general computer science
hash functions
?
(b) What applications are there for such general hash functions?
4
. Explain which of the practical and security properties of a hash function are
most useful for the following applications:
(a) storing a passphrase;
(b) generating a short-lived key by hashing a long-term key;
(c) HMAC;
(d) digital signature schemes with appendix;
(e) computer virus detection.
5
. Which of the practical and security properties of a hash function do the following
mathematical functions have:
(a) Reducing a number modulo
n
?
(b) Multiplying two primes together?
6
. Explain in detail the extent to which a hash function can be used to provide data
integrity.
7
. PINs are a commonly used security mechanisms.
(a) In a class of 120 students who have been assigned 4-digit PINs by their
banks (and have not changed them) is it more, or less,
likely that two
students have the same PIN to protect their payment card?
(b) Approximately how many students would you need to have in the class
before a similar likelihood was expected if banks used 5-digit PINs instead?
8
.An
exhaustive hash search
is an attack which repeatedly computes the output
of a hash function for a large number of inputs.
(a) What threats are posed by an exhaustive hash search?
(b) What countermeasures can be used to protect against an exhaustive hash
search?
