Cryptography Reference
In-Depth Information
Problems
11.1.
Compute the output of the first round of stage 1 of SHA-1 for a 512-bit input
block of
1.
x
=
{
0
...
00
}
2.
x
=
{
0
...
01
}
(i.e., bit 512 is one).
Ignore the initial hash value
H
0
for this problem (i.e.,
A
0
=
B
0
=
...
= 00000000
hex
).
11.2.
One of the earlier applications of cryptographic hash functions was the stor-
age of passwords for user authentication in computer systems. With this method, a
password is hashed after its input and is compared to the stored (hashed) reference
password. People realized early that it is sufficient to only store the hashed versions
of the passwords.
1. Assume you are a hacker and you got access to the hashed password list. Of
course, you would like to recover the passwords from the list in order to imper-
sonate some of the users. Discuss which of the three attacks below allow this.
Exactly describe the consequences of each of the attacks:
Attack A: You can break the one-way property of
h
.
Attack B: You can find second preimages for
h
.
Attack C: You can find collisions for
h
.
2. Why is this technique of storing hashed passwords often extended by the use
of a so-called
salt
?(A
salt
is a random value appended to the password before
hashing. Together with the hash, the value of the
salt
is stored in the list of hashed
passwords.) Are the attacks above affected by this technique?
3. Is a hash function with an output length of 80 bit sufficient for this application?
11.3.
Draw a block digram for the following hash functions built from a block cipher
e
():
1.
e
(
H
i
−
1
,
x
i
)
⊕
x
i
2.
e
(
H
i
−
1
,
x
i
⊕
H
i
−
1
)
⊕
x
i
⊕
H
i
−
1
3.
e
(
H
i
−
1
,
x
i
)
⊕
x
i
⊕
H
i
−
1
4.
e
(
H
i
−
1
,
x
i
⊕
H
i
−
1
)
⊕
x
i
5.
e
(
x
i
,
H
i
−
1
)
⊕
H
i
−
1
6.
e
(
x
i
,
x
i
⊕
H
i
−
1
)
⊕
x
i
⊕
H
i
−
1
7.
e
(
x
i
,
H
i
−
1
)
⊕
x
i
⊕
H
i
−
1
8.
e
(
x
i
,
x
i
⊕
H
i
−
1
)
⊕
H
i
−
1
⊕
H
i
−
1
,
x
i
)
⊕
9.
e
(
x
i
x
i
⊕
H
i
−
1
,
H
i
−
1
)
⊕
10.
e
(
x
i
H
i
−
1
11.
e
(
x
i
⊕
H
i
−
1
,
x
i
)
⊕
H
i
−
1
12.
e
(
x
i
⊕
H
i
−
1
,
H
i
−
1
)
⊕
x
i
