Introduction
In hash function H accepts a variable length block of input data called as ‘M’ and produces the fixed size hash value can be represented as h = M(H).
 |
| Figure: Block Diagram of Hash Function |
When hash
function provides security, this is called cryptographic hash functions. Hash
function protects the integrity of the message. If encryption process is
applying on message with hash function, it is also providing authentication and
confidentiality.
A hash function provides a property that has function applied on variable amount of data (M) and then it produces the fixed amount of output data. If any bit or bits changes in the data, then whole hash function output data will also change. Cryptographic has function is one-way function, which is practically infeasible to invert. The most popular hashing algorithm is MD5 and SHA.
Security Requirement of Hash Function
The first
three properties are requirements for the practical application of a
hash function.
The fourth
property, preimage resistant, is the one-way property: it is easy to
generate a code given a message, but virtually impossible to generate a message
given a code. This property is important if the authentication technique
involves the use of a secret value. However, if the hash function is not one
way, an attacker can easily discover the secret value.
The fifth
property, second preimage resistant, guarantees that it is impossible
to find an alternative message with the same hash value as a given message.
This prevents forgery when an encrypted hash code is used. If this property
were not true, an attacker would be capable of the following sequence: First,
observe or intercept a message plus its encrypted hash code; second, generate
an unencrypted hash code from the message; third, generate an alternate message
with the same hash code.
If the sixth
property, collision resistant, is also satisfied, then it is referred
to as a strong hash function. A strong hash function protects against an attack
in which one party generates a message for another party to sign. For example,
suppose Bob writes an IOU message, sends it to Alice, and she signs it. Bob
finds two messages with the same hash, one of which requires Alice to pay a
small amount and one that requires a large payment. Alice signs the first
message, and Bob is then able to claim that the second message is authentic.
To learn more about Security Requirement of hash function, Click here
No comments:
Post a Comment