One-way hash functions are easy to compute, but hard to reverse
Brute force can be used against simple one-way hash functions
Sometimes they have no inverse at all
The output of a one-way hash function is usually a lot smaller than the original input
Examples
MD5
MD4
SHA
RIPE-MD-60
Hashing
Hashing is used for hash table data so that there is a direct relation between the data content and its storage location
Instead of storing each data item in the next free memory location, its location is determined by an algorithm that uses a key part of the data
We can then access that bit of data using its key value alone
Simple hash function methods
Truncation
Take a few of the first or last characters of the key as the hash code. Works well if the characters are well distributed
Mid-square
The key is squared and the middle digits of the result are used as the hashed value
Folding
The key is partitioned into several parts and the sum of the parts is used to produce the hash code
One-way hash functions
Simple hash functions cause collisions - where more than one hash key results in the same index.
For security, we need unique keys to be generated. This is known as collision-free hashing
Needs to be easy to compute, but hard to invert
Passwords
It is possible to extract authentication information from the target system
Plain text passwords should NEVER be stored
The same hashing function is used when the user logs in, and the result is compared with the value in the database
If the file containing the hashes is stolen, the thief has not got the passwords, just the irreversible hashes
If the thief knows the length of the password, then it is possible to crack it. This can be made harder by adding a salt.
Hash Salt
Hash salt is additional data that is used as an additional input to a one-way hash function
Helps defend against dictionary attacks
A new salt is randomly generated for each password
Usually the salt and the password are concatenated and processed with a cryptographic hash function
The resulting output is then stored with the salt in the database
These are used for storing nearly all user credentials
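
The salting scheme described above, as an added example that is not part of the original notes: a fresh random salt is concatenated with the password, hashed, and stored beside the digest, and login re-hashes with the stored salt. SHA-256, the 16-byte salt, the record layout and the sample wordlist are assumptions made for the illustration; real deployments normally replace the single hash with a deliberately slow function such as hashlib.pbkdf2_hmac or hashlib.scrypt.

```python
import hashlib
import hmac
import secrets

def unsalted_hash(password: str) -> str:
    """Plain one-way hash: identical passwords always give identical digests."""
    return hashlib.sha256(password.encode()).hexdigest()

def make_record(password: str) -> dict:
    """Generate a new random salt and return what the database would store."""
    salt = secrets.token_bytes(16)  # assumed salt length
    digest = hashlib.sha256(salt + password.encode()).hexdigest()
    return {"salt": salt.hex(), "hash": digest}

def verify(password: str, record: dict) -> bool:
    """Login check: re-hash with the stored salt and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    candidate = hashlib.sha256(salt + password.encode()).hexdigest()
    return hmac.compare_digest(candidate, record["hash"])

# Constructed sample data: a dictionary of digests computed once, in advance,
# which is the precomputation that a per-password salt is meant to defeat.
WORDLIST = ["letmein", "password1", "qwerty"]
PRECOMPUTED = {unsalted_hash(word): word for word in WORDLIST}

def demo() -> dict:
    alice = make_record("letmein")
    bob = make_record("letmein")  # same password, different salt
    return {
        # An unsalted digest of a dictionary word is found by a table lookup.
        "unsalted_in_table": unsalted_hash("letmein") in PRECOMPUTED,
        # The salted digest is not in the table, even for the same word.
        "salted_in_table": alice["hash"] in PRECOMPUTED,
        # Two users with the same password no longer share a stored hash.
        "same_password_same_hash": alice["hash"] == bob["hash"],
        "login_ok": verify("letmein", alice),
        "login_wrong": verify("letmein1", alice),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```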